mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-17 18:02:05 +01:00
Allow modification of keys with custom reference date
Also, bind subkeys using SubkeyBindingSignatureBuilder
This commit is contained in:
parent
3030de7f3f
commit
c3dc3c9d87
10 changed files with 207 additions and 170 deletions
|
@ -127,7 +127,11 @@ public final class PGPainless {
|
||||||
* @return builder
|
* @return builder
|
||||||
*/
|
*/
|
||||||
public static SecretKeyRingEditorInterface modifyKeyRing(PGPSecretKeyRing secretKeys) {
|
public static SecretKeyRingEditorInterface modifyKeyRing(PGPSecretKeyRing secretKeys) {
|
||||||
return new SecretKeyRingEditor(secretKeys);
|
return modifyKeyRing(secretKeys, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static SecretKeyRingEditorInterface modifyKeyRing(PGPSecretKeyRing secretKeys, Date referenceTime) {
|
||||||
|
return new SecretKeyRingEditor(secretKeys, referenceTime);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -85,10 +85,10 @@ public class KeyRingInfo {
|
||||||
* Evaluate the key ring at the provided validation date.
|
* Evaluate the key ring at the provided validation date.
|
||||||
*
|
*
|
||||||
* @param keys key ring
|
* @param keys key ring
|
||||||
* @param validationDate date of validation
|
* @param referenceDate date of validation
|
||||||
*/
|
*/
|
||||||
public KeyRingInfo(PGPKeyRing keys, Date validationDate) {
|
public KeyRingInfo(PGPKeyRing keys, Date referenceDate) {
|
||||||
this(keys, PGPainless.getPolicy(), validationDate);
|
this(keys, PGPainless.getPolicy(), referenceDate);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -96,12 +96,12 @@ public class KeyRingInfo {
|
||||||
*
|
*
|
||||||
* @param keys key ring
|
* @param keys key ring
|
||||||
* @param policy policy
|
* @param policy policy
|
||||||
* @param validationDate validation date
|
* @param referenceDate validation date
|
||||||
*/
|
*/
|
||||||
public KeyRingInfo(PGPKeyRing keys, Policy policy, Date validationDate) {
|
public KeyRingInfo(PGPKeyRing keys, Policy policy, Date referenceDate) {
|
||||||
|
this.referenceDate = referenceDate != null ? referenceDate : new Date();
|
||||||
this.keys = keys;
|
this.keys = keys;
|
||||||
this.signatures = new Signatures(keys, validationDate, policy);
|
this.signatures = new Signatures(keys, this.referenceDate, policy);
|
||||||
this.referenceDate = validationDate;
|
|
||||||
this.primaryUserId = findPrimaryUserId();
|
this.primaryUserId = findPrimaryUserId();
|
||||||
this.revocationState = findRevocationState();
|
this.revocationState = findRevocationState();
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,35 +4,17 @@
|
||||||
|
|
||||||
package org.pgpainless.key.modification.secretkeyring;
|
package org.pgpainless.key.modification.secretkeyring;
|
||||||
|
|
||||||
import static org.pgpainless.util.CollectionUtils.concat;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.Date;
|
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.NoSuchElementException;
|
|
||||||
import java.util.Set;
|
|
||||||
import javax.annotation.Nonnull;
|
|
||||||
import javax.annotation.Nullable;
|
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.S2K;
|
import org.bouncycastle.bcpg.S2K;
|
||||||
import org.bouncycastle.bcpg.SecretKeyPacket;
|
import org.bouncycastle.bcpg.SecretKeyPacket;
|
||||||
import org.bouncycastle.bcpg.sig.KeyExpirationTime;
|
import org.bouncycastle.bcpg.sig.KeyExpirationTime;
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPKeyPair;
|
import org.bouncycastle.openpgp.PGPKeyPair;
|
||||||
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
|
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
|
||||||
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
|
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
|
||||||
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
|
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.AlgorithmSuite;
|
import org.pgpainless.algorithm.AlgorithmSuite;
|
||||||
import org.pgpainless.algorithm.CompressionAlgorithm;
|
import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||||
|
@ -57,26 +39,49 @@ import org.pgpainless.key.protection.passphrase_provider.SolitaryPassphraseProvi
|
||||||
import org.pgpainless.key.util.KeyRingUtils;
|
import org.pgpainless.key.util.KeyRingUtils;
|
||||||
import org.pgpainless.key.util.RevocationAttributes;
|
import org.pgpainless.key.util.RevocationAttributes;
|
||||||
import org.pgpainless.signature.builder.DirectKeySelfSignatureBuilder;
|
import org.pgpainless.signature.builder.DirectKeySelfSignatureBuilder;
|
||||||
|
import org.pgpainless.signature.builder.PrimaryKeyBindingSignatureBuilder;
|
||||||
import org.pgpainless.signature.builder.RevocationSignatureBuilder;
|
import org.pgpainless.signature.builder.RevocationSignatureBuilder;
|
||||||
import org.pgpainless.signature.builder.SelfSignatureBuilder;
|
import org.pgpainless.signature.builder.SelfSignatureBuilder;
|
||||||
|
import org.pgpainless.signature.builder.SubkeyBindingSignatureBuilder;
|
||||||
import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets;
|
import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets;
|
||||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
||||||
import org.pgpainless.signature.subpackets.SignatureSubpackets;
|
import org.pgpainless.signature.subpackets.SignatureSubpackets;
|
||||||
import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper;
|
import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper;
|
||||||
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
|
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
|
||||||
import org.pgpainless.util.CollectionUtils;
|
|
||||||
import org.pgpainless.util.Passphrase;
|
import org.pgpainless.util.Passphrase;
|
||||||
import org.pgpainless.util.selection.userid.SelectUserId;
|
import org.pgpainless.util.selection.userid.SelectUserId;
|
||||||
|
|
||||||
|
import javax.annotation.Nonnull;
|
||||||
|
import javax.annotation.Nullable;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.Date;
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.NoSuchElementException;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import static org.pgpainless.util.CollectionUtils.concat;
|
||||||
|
|
||||||
public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
|
|
||||||
private PGPSecretKeyRing secretKeyRing;
|
private PGPSecretKeyRing secretKeyRing;
|
||||||
|
private final Date referenceTime;
|
||||||
|
|
||||||
public SecretKeyRingEditor(PGPSecretKeyRing secretKeyRing) {
|
public SecretKeyRingEditor(PGPSecretKeyRing secretKeyRing) {
|
||||||
|
this(secretKeyRing, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
public SecretKeyRingEditor(PGPSecretKeyRing secretKeyRing, Date referenceTime) {
|
||||||
if (secretKeyRing == null) {
|
if (secretKeyRing == null) {
|
||||||
throw new NullPointerException("SecretKeyRing MUST NOT be null.");
|
throw new NullPointerException("SecretKeyRing MUST NOT be null.");
|
||||||
}
|
}
|
||||||
this.secretKeyRing = secretKeyRing;
|
this.secretKeyRing = secretKeyRing;
|
||||||
|
this.referenceTime = referenceTime;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -99,7 +104,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
PGPSecretKey primaryKey = secretKeyRing.getSecretKey();
|
PGPSecretKey primaryKey = secretKeyRing.getSecretKey();
|
||||||
|
|
||||||
// retain key flags from previous signature
|
// retain key flags from previous signature
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing, referenceTime);
|
||||||
if (info.isHardRevoked(userId.toString())) {
|
if (info.isHardRevoked(userId.toString())) {
|
||||||
throw new IllegalArgumentException("User-ID " + userId + " is hard revoked and cannot be re-certified.");
|
throw new IllegalArgumentException("User-ID " + userId + " is hard revoked and cannot be re-certified.");
|
||||||
}
|
}
|
||||||
|
@ -121,6 +126,9 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
}
|
}
|
||||||
|
|
||||||
SelfSignatureBuilder builder = new SelfSignatureBuilder(primaryKey, protector);
|
SelfSignatureBuilder builder = new SelfSignatureBuilder(primaryKey, protector);
|
||||||
|
if (referenceTime != null) {
|
||||||
|
builder.getHashedSubpackets().setSignatureCreationTime(referenceTime);
|
||||||
|
}
|
||||||
builder.setSignatureType(SignatureType.POSITIVE_CERTIFICATION);
|
builder.setSignatureType(SignatureType.POSITIVE_CERTIFICATION);
|
||||||
|
|
||||||
// Retain signature subpackets of previous signatures
|
// Retain signature subpackets of previous signatures
|
||||||
|
@ -145,7 +153,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
|
|
||||||
// Determine previous key expiration date
|
// Determine previous key expiration date
|
||||||
PGPPublicKey primaryKey = secretKeyRing.getSecretKey().getPublicKey();
|
PGPPublicKey primaryKey = secretKeyRing.getSecretKey().getPublicKey();
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing, referenceTime);
|
||||||
String primaryUserId = info.getPrimaryUserId();
|
String primaryUserId = info.getPrimaryUserId();
|
||||||
PGPSignature signature = primaryUserId == null ?
|
PGPSignature signature = primaryUserId == null ?
|
||||||
info.getLatestDirectKeySelfSignature() : info.getLatestUserIdCertification(primaryUserId);
|
info.getLatestDirectKeySelfSignature() : info.getLatestUserIdCertification(primaryUserId);
|
||||||
|
@ -169,7 +177,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
protector);
|
protector);
|
||||||
|
|
||||||
// unmark previous primary user-ids to be non-primary
|
// unmark previous primary user-ids to be non-primary
|
||||||
info = PGPainless.inspectKeyRing(secretKeyRing);
|
info = PGPainless.inspectKeyRing(secretKeyRing, referenceTime);
|
||||||
for (String otherUserId : info.getValidAndExpiredUserIds()) {
|
for (String otherUserId : info.getValidAndExpiredUserIds()) {
|
||||||
if (userId.toString().equals(otherUserId)) {
|
if (userId.toString().equals(otherUserId)) {
|
||||||
continue;
|
continue;
|
||||||
|
@ -227,7 +235,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
throw new IllegalArgumentException("New user-id cannot be empty.");
|
throw new IllegalArgumentException("New user-id cannot be empty.");
|
||||||
}
|
}
|
||||||
|
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing, referenceTime);
|
||||||
if (!info.isUserIdValid(oldUID)) {
|
if (!info.isUserIdValid(oldUID)) {
|
||||||
throw new NoSuchElementException("Key does not carry user-id '" + oldUID + "', or it is not valid.");
|
throw new NoSuchElementException("Key does not carry user-id '" + oldUID + "', or it is not valid.");
|
||||||
}
|
}
|
||||||
|
@ -333,46 +341,34 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
}
|
}
|
||||||
|
|
||||||
PGPSecretKey primaryKey = secretKeyRing.getSecretKey();
|
PGPSecretKey primaryKey = secretKeyRing.getSecretKey();
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing, referenceTime);
|
||||||
PublicKeyAlgorithm signingKeyAlgorithm = PublicKeyAlgorithm.requireFromId(primaryKey.getPublicKey().getAlgorithm());
|
|
||||||
HashAlgorithm hashAlgorithm = HashAlgorithmNegotiator
|
HashAlgorithm hashAlgorithm = HashAlgorithmNegotiator
|
||||||
.negotiateSignatureHashAlgorithm(PGPainless.getPolicy())
|
.negotiateSignatureHashAlgorithm(PGPainless.getPolicy())
|
||||||
.negotiateHashAlgorithm(info.getPreferredHashAlgorithms());
|
.negotiateHashAlgorithm(info.getPreferredHashAlgorithms());
|
||||||
|
|
||||||
// While we'd like to rely on our own BindingSignatureBuilder implementation,
|
PGPSecretKey secretSubkey = new PGPSecretKey(subkey.getPrivateKey(), subkey.getPublicKey(), ImplementationFactory.getInstance()
|
||||||
// unfortunately we have to use BCs PGPKeyRingGenerator class since there is no public constructor
|
.getV4FingerprintCalculator(), false, subkeyProtector.getEncryptor(subkey.getKeyID()));
|
||||||
// for subkeys. See https://github.com/bcgit/bc-java/pull/1063
|
|
||||||
PGPKeyRingGenerator ringGenerator = new PGPKeyRingGenerator(
|
|
||||||
secretKeyRing,
|
|
||||||
primaryKeyProtector.getDecryptor(primaryKey.getKeyID()),
|
|
||||||
ImplementationFactory.getInstance().getV4FingerprintCalculator(),
|
|
||||||
ImplementationFactory.getInstance().getPGPContentSignerBuilder(
|
|
||||||
signingKeyAlgorithm, hashAlgorithm),
|
|
||||||
subkeyProtector.getEncryptor(subkey.getKeyID()));
|
|
||||||
|
|
||||||
SelfSignatureSubpackets hashedSubpackets = SignatureSubpackets.createHashedSubpackets(primaryKey.getPublicKey());
|
SubkeyBindingSignatureBuilder skBindingBuilder = new SubkeyBindingSignatureBuilder(primaryKey, primaryKeyProtector, hashAlgorithm);
|
||||||
SelfSignatureSubpackets unhashedSubpackets = SignatureSubpackets.createEmptySubpackets();
|
if (referenceTime != null) {
|
||||||
hashedSubpackets.setKeyFlags(flags);
|
skBindingBuilder.getHashedSubpackets().setSignatureCreationTime(referenceTime);
|
||||||
|
}
|
||||||
|
skBindingBuilder.getHashedSubpackets().setKeyFlags(flags);
|
||||||
|
|
||||||
if (bindingSignatureCallback != null) {
|
if (subkeyAlgorithm.isSigningCapable()) {
|
||||||
bindingSignatureCallback.modifyHashedSubpackets(hashedSubpackets);
|
PrimaryKeyBindingSignatureBuilder pkBindingBuilder = new PrimaryKeyBindingSignatureBuilder(secretSubkey, subkeyProtector, hashAlgorithm);
|
||||||
bindingSignatureCallback.modifyUnhashedSubpackets(unhashedSubpackets);
|
if (referenceTime != null) {
|
||||||
|
pkBindingBuilder.getHashedSubpackets().setSignatureCreationTime(referenceTime);
|
||||||
|
}
|
||||||
|
PGPSignature pkBinding = pkBindingBuilder.build(primaryKey.getPublicKey());
|
||||||
|
skBindingBuilder.getHashedSubpackets().addEmbeddedSignature(pkBinding);
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean isSigningKey = CollectionUtils.contains(flags, KeyFlag.SIGN_DATA) ||
|
skBindingBuilder.applyCallback(bindingSignatureCallback);
|
||||||
CollectionUtils.contains(flags, KeyFlag.CERTIFY_OTHER);
|
PGPSignature skBinding = skBindingBuilder.build(secretSubkey.getPublicKey());
|
||||||
PGPContentSignerBuilder primaryKeyBindingSigner = null;
|
|
||||||
if (isSigningKey) {
|
|
||||||
primaryKeyBindingSigner = ImplementationFactory.getInstance().getPGPContentSignerBuilder(subkeyAlgorithm, hashAlgorithm);
|
|
||||||
}
|
|
||||||
|
|
||||||
ringGenerator.addSubKey(subkey,
|
|
||||||
SignatureSubpacketsHelper.toVector((SignatureSubpackets) hashedSubpackets),
|
|
||||||
SignatureSubpacketsHelper.toVector((SignatureSubpackets) unhashedSubpackets),
|
|
||||||
primaryKeyBindingSigner);
|
|
||||||
|
|
||||||
secretKeyRing = ringGenerator.generateSecretKeyRing();
|
|
||||||
|
|
||||||
|
secretSubkey = KeyRingUtils.secretKeyPlusSignature(secretSubkey, skBinding);
|
||||||
|
secretKeyRing = KeyRingUtils.keysPlusSecretKey(secretKeyRing, secretSubkey);
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -558,6 +554,9 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
SignatureType.CERTIFICATION_REVOCATION,
|
SignatureType.CERTIFICATION_REVOCATION,
|
||||||
primarySecretKey,
|
primarySecretKey,
|
||||||
protector);
|
protector);
|
||||||
|
if (referenceTime != null) {
|
||||||
|
signatureBuilder.getHashedSubpackets().setSignatureCreationTime(referenceTime);
|
||||||
|
}
|
||||||
|
|
||||||
signatureBuilder.applyCallback(callback);
|
signatureBuilder.applyCallback(callback);
|
||||||
|
|
||||||
|
@ -585,14 +584,14 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
}
|
}
|
||||||
|
|
||||||
// reissue primary user-id sig
|
// reissue primary user-id sig
|
||||||
String primaryUserId = PGPainless.inspectKeyRing(secretKeyRing).getPossiblyExpiredPrimaryUserId();
|
String primaryUserId = PGPainless.inspectKeyRing(secretKeyRing, referenceTime).getPossiblyExpiredPrimaryUserId();
|
||||||
if (primaryUserId != null) {
|
if (primaryUserId != null) {
|
||||||
PGPSignature prevUserIdSig = getPreviousUserIdSignatures(primaryUserId);
|
PGPSignature prevUserIdSig = getPreviousUserIdSignatures(primaryUserId);
|
||||||
PGPSignature userIdSig = reissuePrimaryUserIdSig(expiration, secretKeyRingProtector, primaryUserId, prevUserIdSig);
|
PGPSignature userIdSig = reissuePrimaryUserIdSig(expiration, secretKeyRingProtector, primaryUserId, prevUserIdSig);
|
||||||
secretKeyRing = KeyRingUtils.injectCertification(secretKeyRing, primaryUserId, userIdSig);
|
secretKeyRing = KeyRingUtils.injectCertification(secretKeyRing, primaryUserId, userIdSig);
|
||||||
}
|
}
|
||||||
|
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing, referenceTime);
|
||||||
for (String userId : info.getValidUserIds()) {
|
for (String userId : info.getValidUserIds()) {
|
||||||
if (userId.equals(primaryUserId)) {
|
if (userId.equals(primaryUserId)) {
|
||||||
continue;
|
continue;
|
||||||
|
@ -618,6 +617,9 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
PGPSignature prevUserIdSig)
|
PGPSignature prevUserIdSig)
|
||||||
throws PGPException {
|
throws PGPException {
|
||||||
SelfSignatureBuilder builder = new SelfSignatureBuilder(secretKeyRing.getSecretKey(), secretKeyRingProtector, prevUserIdSig);
|
SelfSignatureBuilder builder = new SelfSignatureBuilder(secretKeyRing.getSecretKey(), secretKeyRingProtector, prevUserIdSig);
|
||||||
|
if (referenceTime != null) {
|
||||||
|
builder.getHashedSubpackets().setSignatureCreationTime(referenceTime);
|
||||||
|
}
|
||||||
builder.applyCallback(new SelfSignatureSubpackets.Callback() {
|
builder.applyCallback(new SelfSignatureSubpackets.Callback() {
|
||||||
@Override
|
@Override
|
||||||
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
||||||
|
@ -638,6 +640,9 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
PGPPublicKey publicKey = primaryKey.getPublicKey();
|
PGPPublicKey publicKey = primaryKey.getPublicKey();
|
||||||
|
|
||||||
SelfSignatureBuilder builder = new SelfSignatureBuilder(primaryKey, secretKeyRingProtector, prevUserIdSig);
|
SelfSignatureBuilder builder = new SelfSignatureBuilder(primaryKey, secretKeyRingProtector, prevUserIdSig);
|
||||||
|
if (referenceTime != null) {
|
||||||
|
builder.getHashedSubpackets().setSignatureCreationTime(referenceTime);
|
||||||
|
}
|
||||||
builder.applyCallback(new SelfSignatureSubpackets.Callback() {
|
builder.applyCallback(new SelfSignatureSubpackets.Callback() {
|
||||||
@Override
|
@Override
|
||||||
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
||||||
|
@ -662,6 +667,9 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
final Date keyCreationTime = publicKey.getCreationTime();
|
final Date keyCreationTime = publicKey.getCreationTime();
|
||||||
|
|
||||||
DirectKeySelfSignatureBuilder builder = new DirectKeySelfSignatureBuilder(primaryKey, secretKeyRingProtector, prevDirectKeySig);
|
DirectKeySelfSignatureBuilder builder = new DirectKeySelfSignatureBuilder(primaryKey, secretKeyRingProtector, prevDirectKeySig);
|
||||||
|
if (referenceTime != null) {
|
||||||
|
builder.getHashedSubpackets().setSignatureCreationTime(referenceTime);
|
||||||
|
}
|
||||||
builder.applyCallback(new SelfSignatureSubpackets.Callback() {
|
builder.applyCallback(new SelfSignatureSubpackets.Callback() {
|
||||||
@Override
|
@Override
|
||||||
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
||||||
|
@ -677,12 +685,12 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
||||||
}
|
}
|
||||||
|
|
||||||
private PGPSignature getPreviousDirectKeySignature() {
|
private PGPSignature getPreviousDirectKeySignature() {
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing, referenceTime);
|
||||||
return info.getLatestDirectKeySelfSignature();
|
return info.getLatestDirectKeySelfSignature();
|
||||||
}
|
}
|
||||||
|
|
||||||
private PGPSignature getPreviousUserIdSignatures(String userId) {
|
private PGPSignature getPreviousUserIdSignatures(String userId) {
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeyRing, referenceTime);
|
||||||
return info.getLatestUserIdCertification(userId);
|
return info.getLatestUserIdCertification(userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -10,9 +10,11 @@ import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
|
import org.pgpainless.algorithm.HashAlgorithm;
|
||||||
import org.pgpainless.algorithm.SignatureType;
|
import org.pgpainless.algorithm.SignatureType;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
||||||
|
import org.pgpainless.signature.subpackets.SignatureSubpackets;
|
||||||
|
|
||||||
public class PrimaryKeyBindingSignatureBuilder extends AbstractSignatureBuilder<PrimaryKeyBindingSignatureBuilder> {
|
public class PrimaryKeyBindingSignatureBuilder extends AbstractSignatureBuilder<PrimaryKeyBindingSignatureBuilder> {
|
||||||
|
|
||||||
|
@ -21,6 +23,15 @@ public class PrimaryKeyBindingSignatureBuilder extends AbstractSignatureBuilder<
|
||||||
super(SignatureType.PRIMARYKEY_BINDING, subkey, subkeyProtector);
|
super(SignatureType.PRIMARYKEY_BINDING, subkey, subkeyProtector);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public PrimaryKeyBindingSignatureBuilder(PGPSecretKey secretSubKey,
|
||||||
|
SecretKeyRingProtector subkeyProtector,
|
||||||
|
HashAlgorithm hashAlgorithm)
|
||||||
|
throws PGPException {
|
||||||
|
super(SignatureType.PRIMARYKEY_BINDING, secretSubKey, subkeyProtector, hashAlgorithm,
|
||||||
|
SignatureSubpackets.createHashedSubpackets(secretSubKey.getPublicKey()),
|
||||||
|
SignatureSubpackets.createEmptySubpackets());
|
||||||
|
}
|
||||||
|
|
||||||
public SelfSignatureSubpackets getHashedSubpackets() {
|
public SelfSignatureSubpackets getHashedSubpackets() {
|
||||||
return hashedSubpackets;
|
return hashedSubpackets;
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,9 +10,11 @@ import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
|
import org.pgpainless.algorithm.HashAlgorithm;
|
||||||
import org.pgpainless.algorithm.SignatureType;
|
import org.pgpainless.algorithm.SignatureType;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
||||||
|
import org.pgpainless.signature.subpackets.SignatureSubpackets;
|
||||||
|
|
||||||
public class SubkeyBindingSignatureBuilder extends AbstractSignatureBuilder<SubkeyBindingSignatureBuilder> {
|
public class SubkeyBindingSignatureBuilder extends AbstractSignatureBuilder<SubkeyBindingSignatureBuilder> {
|
||||||
|
|
||||||
|
@ -21,6 +23,13 @@ public class SubkeyBindingSignatureBuilder extends AbstractSignatureBuilder<Subk
|
||||||
super(SignatureType.SUBKEY_BINDING, signingKey, protector);
|
super(SignatureType.SUBKEY_BINDING, signingKey, protector);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public SubkeyBindingSignatureBuilder(PGPSecretKey signingKey, SecretKeyRingProtector protector, HashAlgorithm hashAlgorithm)
|
||||||
|
throws PGPException {
|
||||||
|
super(SignatureType.SUBKEY_BINDING, signingKey, protector, hashAlgorithm,
|
||||||
|
SignatureSubpackets.createHashedSubpackets(signingKey.getPublicKey()),
|
||||||
|
SignatureSubpackets.createEmptySubpackets());
|
||||||
|
}
|
||||||
|
|
||||||
public SubkeyBindingSignatureBuilder(
|
public SubkeyBindingSignatureBuilder(
|
||||||
PGPSecretKey signingKey,
|
PGPSecretKey signingKey,
|
||||||
SecretKeyRingProtector protector,
|
SecretKeyRingProtector protector,
|
||||||
|
|
|
@ -16,6 +16,7 @@ import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
import java.util.Date;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.sig.IssuerFingerprint;
|
import org.bouncycastle.bcpg.sig.IssuerFingerprint;
|
||||||
|
@ -40,7 +41,7 @@ public class KeyGenerationSubpacketsTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void verifyDefaultSubpacketsForUserIdSignatures()
|
public void verifyDefaultSubpacketsForUserIdSignatures()
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("Alice");
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("Alice");
|
||||||
|
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
||||||
|
@ -88,10 +89,9 @@ public class KeyGenerationSubpacketsTest {
|
||||||
|
|
||||||
assertEquals("Bob", info.getPrimaryUserId());
|
assertEquals("Bob", info.getPrimaryUserId());
|
||||||
|
|
||||||
// wait one sec so that it is clear that the new certification for alice is the most recent one
|
Date now = new Date();
|
||||||
Thread.sleep(1000);
|
Date t1 = new Date(now.getTime() + 1000 * 60 * 60);
|
||||||
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
|
||||||
.addUserId("Alice", new SelfSignatureSubpackets.Callback() {
|
.addUserId("Alice", new SelfSignatureSubpackets.Callback() {
|
||||||
@Override
|
@Override
|
||||||
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
||||||
|
@ -100,7 +100,7 @@ public class KeyGenerationSubpacketsTest {
|
||||||
}
|
}
|
||||||
}, SecretKeyRingProtector.unprotectedKeys())
|
}, SecretKeyRingProtector.unprotectedKeys())
|
||||||
.done();
|
.done();
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
info = PGPainless.inspectKeyRing(secretKeys, t1);
|
||||||
assertEquals("Alice", info.getPrimaryUserId());
|
assertEquals("Alice", info.getPrimaryUserId());
|
||||||
assertEquals(Collections.singleton(HashAlgorithm.SHA1), info.getPreferredHashAlgorithms("Alice"));
|
assertEquals(Collections.singleton(HashAlgorithm.SHA1), info.getPreferredHashAlgorithms("Alice"));
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,7 +34,7 @@ public class ChangeExpirationTest {
|
||||||
@TestTemplate
|
@TestTemplate
|
||||||
@ExtendWith(TestAllImplementations.class)
|
@ExtendWith(TestAllImplementations.class)
|
||||||
public void setExpirationDateAndThenUnsetIt_OnPrimaryKey()
|
public void setExpirationDateAndThenUnsetIt_OnPrimaryKey()
|
||||||
throws PGPException, IOException, InterruptedException {
|
throws PGPException, IOException {
|
||||||
|
|
||||||
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
|
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
|
||||||
KeyRingInfo sInfo = PGPainless.inspectKeyRing(secretKeys);
|
KeyRingInfo sInfo = PGPainless.inspectKeyRing(secretKeys);
|
||||||
|
@ -42,6 +42,7 @@ public class ChangeExpirationTest {
|
||||||
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
||||||
assertNull(sInfo.getSubkeyExpirationDate(subKeyFingerprint));
|
assertNull(sInfo.getSubkeyExpirationDate(subKeyFingerprint));
|
||||||
|
|
||||||
|
Date now = new Date();
|
||||||
Date date = DateUtil.parseUTCDate("2020-11-27 16:10:32 UTC");
|
Date date = DateUtil.parseUTCDate("2020-11-27 16:10:32 UTC");
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
||||||
.setExpirationDate(date, new UnprotectedKeysProtector()).done();
|
.setExpirationDate(date, new UnprotectedKeysProtector()).done();
|
||||||
|
@ -51,15 +52,11 @@ public class ChangeExpirationTest {
|
||||||
// subkey unchanged
|
// subkey unchanged
|
||||||
assertNull(sInfo.getSubkeyExpirationDate(subKeyFingerprint));
|
assertNull(sInfo.getSubkeyExpirationDate(subKeyFingerprint));
|
||||||
|
|
||||||
// We need to wait for one second as OpenPGP signatures have coarse-grained (up to a second)
|
Date t1 = new Date(now.getTime() + 1000 * 60 * 60);
|
||||||
// accuracy. Creating two signatures within a short amount of time will make the second one
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
|
||||||
// "invisible"
|
|
||||||
Thread.sleep(1100);
|
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
|
||||||
.setExpirationDate(null, new UnprotectedKeysProtector()).done();
|
.setExpirationDate(null, new UnprotectedKeysProtector()).done();
|
||||||
|
|
||||||
sInfo = PGPainless.inspectKeyRing(secretKeys);
|
sInfo = PGPainless.inspectKeyRing(secretKeys, t1);
|
||||||
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
||||||
assertNull(sInfo.getSubkeyExpirationDate(subKeyFingerprint));
|
assertNull(sInfo.getSubkeyExpirationDate(subKeyFingerprint));
|
||||||
}
|
}
|
||||||
|
@ -67,32 +64,30 @@ public class ChangeExpirationTest {
|
||||||
@TestTemplate
|
@TestTemplate
|
||||||
@ExtendWith(TestAllImplementations.class)
|
@ExtendWith(TestAllImplementations.class)
|
||||||
public void setExpirationDateAndThenUnsetIt_OnSubkey()
|
public void setExpirationDateAndThenUnsetIt_OnSubkey()
|
||||||
throws PGPException, IOException, InterruptedException {
|
throws PGPException, IOException {
|
||||||
|
|
||||||
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
|
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
|
||||||
KeyRingInfo sInfo = PGPainless.inspectKeyRing(secretKeys);
|
KeyRingInfo sInfo = PGPainless.inspectKeyRing(secretKeys);
|
||||||
|
|
||||||
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
||||||
|
|
||||||
|
Date now = new Date();
|
||||||
Calendar calendar = Calendar.getInstance();
|
Calendar calendar = Calendar.getInstance();
|
||||||
calendar.setTime(new Date());
|
calendar.setTime(now);
|
||||||
calendar.add(Calendar.DATE, 5);
|
calendar.add(Calendar.DATE, 5);
|
||||||
Date expiration = calendar.getTime();
|
Date expiration = calendar.getTime(); // in 5 days
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
||||||
.setExpirationDate(expiration, new UnprotectedKeysProtector()).done();
|
.setExpirationDate(expiration, new UnprotectedKeysProtector()).done();
|
||||||
sInfo = PGPainless.inspectKeyRing(secretKeys);
|
sInfo = PGPainless.inspectKeyRing(secretKeys);
|
||||||
assertNotNull(sInfo.getPrimaryKeyExpirationDate());
|
assertNotNull(sInfo.getPrimaryKeyExpirationDate());
|
||||||
JUtils.assertDateEquals(expiration, sInfo.getPrimaryKeyExpirationDate());
|
JUtils.assertDateEquals(expiration, sInfo.getPrimaryKeyExpirationDate());
|
||||||
|
|
||||||
// We need to wait for one second as OpenPGP signatures have coarse-grained (up to a second)
|
Date t1 = new Date(now.getTime() + 1000 * 60 * 60);
|
||||||
// accuracy. Creating two signatures within a short amount of time will make the second one
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
|
||||||
// "invisible"
|
|
||||||
Thread.sleep(1100);
|
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
|
||||||
.setExpirationDate(null, new UnprotectedKeysProtector()).done();
|
.setExpirationDate(null, new UnprotectedKeysProtector()).done();
|
||||||
|
|
||||||
sInfo = PGPainless.inspectKeyRing(secretKeys);
|
sInfo = PGPainless.inspectKeyRing(secretKeys, t1);
|
||||||
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
assertNull(sInfo.getPrimaryKeyExpirationDate());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -118,7 +113,7 @@ public class ChangeExpirationTest {
|
||||||
.done();
|
.done();
|
||||||
|
|
||||||
Date actualExpiration = PGPainless.inspectKeyRing(secretKeys)
|
Date actualExpiration = PGPainless.inspectKeyRing(secretKeys)
|
||||||
.getPrimaryKeyExpirationDate();
|
.getPrimaryKeyExpirationDate();
|
||||||
JUtils.assertDateEquals(notSoFarAwayExpiration, actualExpiration);
|
JUtils.assertDateEquals(notSoFarAwayExpiration, actualExpiration);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,15 +4,6 @@
|
||||||
|
|
||||||
package org.pgpainless.key.modification;
|
package org.pgpainless.key.modification;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
|
||||||
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
import java.util.Date;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
|
@ -21,54 +12,68 @@ import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.key.info.KeyRingInfo;
|
import org.pgpainless.key.info.KeyRingInfo;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||||
|
|
||||||
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
|
|
||||||
public class ChangePrimaryUserIdAndExpirationDatesTest {
|
public class ChangePrimaryUserIdAndExpirationDatesTest {
|
||||||
|
|
||||||
|
private static final long millisInHour = 1000 * 60 * 60;
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void generateA_primaryB_revokeA_cantSecondaryA()
|
public void generateA_primaryB_revokeA_cantSecondaryA()
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.modernKeyRing("A");
|
.modernKeyRing("A");
|
||||||
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
||||||
|
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
Date now = new Date();
|
||||||
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys, now);
|
||||||
assertFalse(info.isHardRevoked("A"));
|
assertFalse(info.isHardRevoked("A"));
|
||||||
assertFalse(info.isHardRevoked("B"));
|
assertFalse(info.isHardRevoked("B"));
|
||||||
assertIsPrimaryUserId("A", info);
|
assertIsPrimaryUserId("A", info);
|
||||||
assertIsNotValid("B", info);
|
assertIsNotValid("B", info);
|
||||||
assertIsNotPrimaryUserId("B", info);
|
assertIsNotPrimaryUserId("B", info);
|
||||||
|
|
||||||
Thread.sleep(1000);
|
// One hour later
|
||||||
|
Date oneHourLater = new Date(now.getTime() + millisInHour);
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, oneHourLater)
|
||||||
.addPrimaryUserId("B", protector)
|
.addPrimaryUserId("B", protector)
|
||||||
.done();
|
.done();
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
info = PGPainless.inspectKeyRing(secretKeys, oneHourLater);
|
||||||
|
|
||||||
assertIsPrimaryUserId("B", info);
|
assertIsPrimaryUserId("B", info);
|
||||||
assertIsNotPrimaryUserId("A", info);
|
assertIsNotPrimaryUserId("A", info);
|
||||||
|
|
||||||
Thread.sleep(1000);
|
// Two hours later
|
||||||
|
Date twoHoursLater = new Date(now.getTime() + 2 * millisInHour);
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, twoHoursLater)
|
||||||
.revokeUserId("A", protector) // hard revoke A
|
.revokeUserId("A", protector) // hard revoke A
|
||||||
.done();
|
.done();
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
info = PGPainless.inspectKeyRing(secretKeys, twoHoursLater);
|
||||||
|
|
||||||
assertTrue(info.isHardRevoked("A"));
|
assertTrue(info.isHardRevoked("A"));
|
||||||
assertFalse(info.isHardRevoked("B"));
|
assertFalse(info.isHardRevoked("B"));
|
||||||
assertIsPrimaryUserId("B", info);
|
assertIsPrimaryUserId("B", info);
|
||||||
assertIsNotValid("A", info);
|
assertIsNotValid("A", info);
|
||||||
|
|
||||||
Thread.sleep(1000);
|
// Three hours later
|
||||||
|
Date threeHoursLater = new Date(now.getTime() + 3 * millisInHour);
|
||||||
|
|
||||||
PGPSecretKeyRing finalSecretKeys = secretKeys;
|
PGPSecretKeyRing finalSecretKeys = secretKeys;
|
||||||
assertThrows(IllegalArgumentException.class, () ->
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
PGPainless.modifyKeyRing(finalSecretKeys).addUserId("A", protector));
|
PGPainless.modifyKeyRing(finalSecretKeys, threeHoursLater).addUserId("A", protector));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void generateA_primaryExpire_isExpired()
|
public void generateA_primaryExpire_isExpired()
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.modernKeyRing("A");
|
.modernKeyRing("A");
|
||||||
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
||||||
|
@ -76,71 +81,77 @@ public class ChangePrimaryUserIdAndExpirationDatesTest {
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
||||||
assertIsPrimaryUserId("A", info);
|
assertIsPrimaryUserId("A", info);
|
||||||
|
|
||||||
Thread.sleep(1000);
|
Date now = new Date();
|
||||||
|
Date later = new Date(now.getTime() + millisInHour);
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, now)
|
||||||
.setExpirationDate(new Date(), protector) // expire the whole key
|
.setExpirationDate(later, protector) // expire the whole key
|
||||||
.done();
|
.done();
|
||||||
|
|
||||||
Thread.sleep(1000);
|
Date evenLater = new Date(now.getTime() + 2 * millisInHour);
|
||||||
|
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
info = PGPainless.inspectKeyRing(secretKeys, evenLater);
|
||||||
assertFalse(info.isUserIdValid("A")); // is expired by now
|
assertFalse(info.isUserIdValid("A")); // is expired by now
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void generateA_primaryB_primaryExpire_bIsStillPrimary()
|
public void generateA_primaryB_primaryExpire_bIsStillPrimary()
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.modernKeyRing("A");
|
.modernKeyRing("A");
|
||||||
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
||||||
|
|
||||||
|
Date now = new Date();
|
||||||
|
// Generate key with primary user-id A
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
||||||
assertIsPrimaryUserId("A", info);
|
assertIsPrimaryUserId("A", info);
|
||||||
|
|
||||||
Thread.sleep(1000);
|
// later set primary user-id to B
|
||||||
|
Date t1 = new Date(now.getTime() + millisInHour);
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
|
||||||
.addPrimaryUserId("B", protector)
|
.addPrimaryUserId("B", protector)
|
||||||
.done();
|
.done();
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
info = PGPainless.inspectKeyRing(secretKeys, t1);
|
||||||
|
|
||||||
assertIsPrimaryUserId("B", info);
|
assertIsPrimaryUserId("B", info);
|
||||||
assertIsNotPrimaryUserId("A", info);
|
assertIsNotPrimaryUserId("A", info);
|
||||||
|
|
||||||
Thread.sleep(1000);
|
// Even later expire the whole key
|
||||||
|
Date t2 = new Date(now.getTime() + 2 * millisInHour);
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
Date expiration = new Date(now.getTime() + 10 * millisInHour);
|
||||||
.setExpirationDate(new Date(new Date().getTime() + 1000), protector) // expire the whole key in 1 sec
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t2)
|
||||||
|
.setExpirationDate(expiration, protector) // expire the whole key in 1 hour
|
||||||
.done();
|
.done();
|
||||||
|
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
Date t3 = new Date(now.getTime() + 3 * millisInHour);
|
||||||
|
|
||||||
|
info = PGPainless.inspectKeyRing(secretKeys, t3);
|
||||||
assertIsValid("A", info);
|
assertIsValid("A", info);
|
||||||
assertIsValid("B", info);
|
assertIsValid("B", info);
|
||||||
assertIsPrimaryUserId("B", info);
|
assertIsPrimaryUserId("B", info);
|
||||||
assertIsNotPrimaryUserId("A", info);
|
assertIsNotPrimaryUserId("A", info);
|
||||||
|
|
||||||
Thread.sleep(2000);
|
info = PGPainless.inspectKeyRing(secretKeys, expiration);
|
||||||
|
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
|
||||||
assertIsPrimaryUserId("B", info); // B is still primary, even though
|
assertIsPrimaryUserId("B", info); // B is still primary, even though
|
||||||
assertFalse(info.isUserIdValid("A")); // key is expired by now
|
assertFalse(info.isUserIdValid("A")); // key is expired by now
|
||||||
assertFalse(info.isUserIdValid("B"));
|
assertFalse(info.isUserIdValid("B"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void generateA_expire_certify() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
|
public void generateA_expire_certify()
|
||||||
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("A");
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("A");
|
||||||
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
Date now = new Date();
|
||||||
.setExpirationDate(new Date(new Date().getTime() + 1000), protector)
|
Date t1 = new Date(now.getTime() + millisInHour);
|
||||||
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, now)
|
||||||
|
.setExpirationDate(t1, protector)
|
||||||
.done();
|
.done();
|
||||||
|
|
||||||
Thread.sleep(2000);
|
Date t2 = new Date(now.getTime() + 2 * millisInHour);
|
||||||
|
Date t4 = new Date(now.getTime() + 4 * millisInHour);
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t2)
|
||||||
.setExpirationDate(new Date(new Date().getTime() + 2000), protector)
|
.setExpirationDate(t4, protector)
|
||||||
.done();
|
.done();
|
||||||
|
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
||||||
|
@ -150,49 +161,48 @@ public class ChangePrimaryUserIdAndExpirationDatesTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void generateA_expire_primaryB_expire_isPrimaryB()
|
public void generateA_expire_primaryB_expire_isPrimaryB()
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("A");
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("A");
|
||||||
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
|
||||||
|
|
||||||
Thread.sleep(1000);
|
Date now = new Date();
|
||||||
|
Date t1 = new Date(now.getTime() + millisInHour);
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
|
||||||
.setExpirationDate(new Date(), protector)
|
.setExpirationDate(t1, protector)
|
||||||
.done();
|
.done();
|
||||||
|
|
||||||
Thread.sleep(2000);
|
Date t2 = new Date(now.getTime() + 2 * millisInHour);
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys, t2);
|
||||||
|
|
||||||
assertIsPrimaryUserId("A", info);
|
assertIsPrimaryUserId("A", info);
|
||||||
assertIsNotValid("A", info); // A is expired
|
assertIsNotValid("A", info); // A is expired
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t2)
|
||||||
.addPrimaryUserId("B", protector)
|
.addPrimaryUserId("B", protector)
|
||||||
.done();
|
.done();
|
||||||
|
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
Date t3 = new Date(now.getTime() + 3 * millisInHour);
|
||||||
|
info = PGPainless.inspectKeyRing(secretKeys, t3);
|
||||||
|
|
||||||
assertIsPrimaryUserId("B", info);
|
assertIsPrimaryUserId("B", info);
|
||||||
assertIsNotValid("B", info); // A and B are still expired
|
assertIsNotValid("B", info); // A and B are still expired
|
||||||
assertIsNotValid("A", info);
|
assertIsNotValid("A", info);
|
||||||
|
|
||||||
Thread.sleep(1000);
|
Date t4 = new Date(now.getTime() + 4 * millisInHour);
|
||||||
|
Date t5 = new Date(now.getTime() + 5 * millisInHour);
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t3)
|
||||||
.setExpirationDate(new Date(new Date().getTime() + 10000), protector)
|
.setExpirationDate(t5, protector)
|
||||||
.done();
|
.done();
|
||||||
|
|
||||||
Thread.sleep(1000);
|
info = PGPainless.inspectKeyRing(secretKeys, t4);
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
|
||||||
|
|
||||||
assertIsValid("B", info);
|
assertIsValid("B", info);
|
||||||
assertIsValid("A", info); // A got re-validated when changing exp date
|
assertIsValid("A", info); // A got re-validated when changing exp date
|
||||||
assertIsPrimaryUserId("B", info);
|
assertIsPrimaryUserId("B", info);
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t4)
|
||||||
.addUserId("A", protector) // re-certify A as non-primary user-id
|
.addUserId("A", protector) // re-certify A as non-primary user-id
|
||||||
.done();
|
.done();
|
||||||
info = PGPainless.inspectKeyRing(secretKeys);
|
info = PGPainless.inspectKeyRing(secretKeys, t4);
|
||||||
|
|
||||||
assertIsValid("B", info);
|
assertIsValid("B", info);
|
||||||
assertIsValid("A", info);
|
assertIsValid("A", info);
|
||||||
|
|
|
@ -10,7 +10,6 @@ import static org.junit.jupiter.api.Assertions.assertNotEquals;
|
||||||
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.Calendar;
|
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
@ -23,12 +22,14 @@ import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.key.protection.UnprotectedKeysProtector;
|
import org.pgpainless.key.protection.UnprotectedKeysProtector;
|
||||||
import org.pgpainless.util.TestAllImplementations;
|
import org.pgpainless.util.TestAllImplementations;
|
||||||
|
|
||||||
public class OldSignatureSubpacketsArePreservedOnNewSig {
|
public class OldSignatureSubpacketsArePreservedOnNewSigTest {
|
||||||
|
|
||||||
|
private static final long millisInHour = 1000 * 60 * 60;
|
||||||
|
|
||||||
@TestTemplate
|
@TestTemplate
|
||||||
@ExtendWith(TestAllImplementations.class)
|
@ExtendWith(TestAllImplementations.class)
|
||||||
public void verifyOldSignatureSubpacketsArePreservedOnNewExpirationDateSig()
|
public void verifyOldSignatureSubpacketsArePreservedOnNewExpirationDateSig()
|
||||||
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, InterruptedException {
|
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.simpleEcKeyRing("Alice <alice@wonderland.lit>");
|
.simpleEcKeyRing("Alice <alice@wonderland.lit>");
|
||||||
|
|
||||||
|
@ -37,17 +38,14 @@ public class OldSignatureSubpacketsArePreservedOnNewSig {
|
||||||
|
|
||||||
assertEquals(0, oldPackets.getKeyExpirationTime());
|
assertEquals(0, oldPackets.getKeyExpirationTime());
|
||||||
|
|
||||||
Thread.sleep(1000);
|
|
||||||
Date now = new Date();
|
Date now = new Date();
|
||||||
Calendar calendar = Calendar.getInstance();
|
Date t1 = new Date(now.getTime() + millisInHour);
|
||||||
calendar.setTime(now);
|
Date expiration = new Date(now.getTime() + 5 * 24 * millisInHour); // in 5 days
|
||||||
calendar.add(Calendar.DATE, 5);
|
|
||||||
Date expiration = calendar.getTime(); // in 5 days
|
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
|
||||||
.setExpirationDate(expiration, new UnprotectedKeysProtector())
|
.setExpirationDate(expiration, new UnprotectedKeysProtector())
|
||||||
.done();
|
.done();
|
||||||
PGPSignature newSignature = PGPainless.inspectKeyRing(secretKeys).getLatestUserIdCertification("Alice <alice@wonderland.lit>");
|
PGPSignature newSignature = PGPainless.inspectKeyRing(secretKeys, t1).getLatestUserIdCertification("Alice <alice@wonderland.lit>");
|
||||||
PGPSignatureSubpacketVector newPackets = newSignature.getHashedSubPackets();
|
PGPSignatureSubpacketVector newPackets = newSignature.getHashedSubPackets();
|
||||||
|
|
||||||
assertNotEquals(0, newPackets.getKeyExpirationTime());
|
assertNotEquals(0, newPackets.getKeyExpirationTime());
|
|
@ -11,6 +11,7 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
|
@ -32,7 +33,7 @@ import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
|
||||||
public class ThirdPartyDirectKeySignatureBuilderTest {
|
public class ThirdPartyDirectKeySignatureBuilderTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDirectKeySignatureBuilding() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
|
public void testDirectKeySignatureBuilding() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.modernKeyRing("Alice");
|
.modernKeyRing("Alice");
|
||||||
|
|
||||||
|
@ -40,9 +41,12 @@ public class ThirdPartyDirectKeySignatureBuilderTest {
|
||||||
secretKeys.getSecretKey(),
|
secretKeys.getSecretKey(),
|
||||||
SecretKeyRingProtector.unprotectedKeys());
|
SecretKeyRingProtector.unprotectedKeys());
|
||||||
|
|
||||||
|
Date now = new Date();
|
||||||
|
Date t1 = new Date(now.getTime() + 1000 * 60 * 60);
|
||||||
dsb.applyCallback(new SelfSignatureSubpackets.Callback() {
|
dsb.applyCallback(new SelfSignatureSubpackets.Callback() {
|
||||||
@Override
|
@Override
|
||||||
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
|
||||||
|
hashedSubpackets.setSignatureCreationTime(t1);
|
||||||
hashedSubpackets.setKeyFlags(KeyFlag.CERTIFY_OTHER);
|
hashedSubpackets.setKeyFlags(KeyFlag.CERTIFY_OTHER);
|
||||||
hashedSubpackets.setPreferredHashAlgorithms(HashAlgorithm.SHA512);
|
hashedSubpackets.setPreferredHashAlgorithms(HashAlgorithm.SHA512);
|
||||||
hashedSubpackets.setPreferredCompressionAlgorithms(CompressionAlgorithm.ZIP);
|
hashedSubpackets.setPreferredCompressionAlgorithms(CompressionAlgorithm.ZIP);
|
||||||
|
@ -51,13 +55,11 @@ public class ThirdPartyDirectKeySignatureBuilderTest {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
Thread.sleep(1000);
|
|
||||||
|
|
||||||
PGPSignature directKeySig = dsb.build(secretKeys.getPublicKey());
|
PGPSignature directKeySig = dsb.build(secretKeys.getPublicKey());
|
||||||
assertNotNull(directKeySig);
|
assertNotNull(directKeySig);
|
||||||
secretKeys = KeyRingUtils.injectCertification(secretKeys, secretKeys.getPublicKey(), directKeySig);
|
secretKeys = KeyRingUtils.injectCertification(secretKeys, secretKeys.getPublicKey(), directKeySig);
|
||||||
|
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys, t1);
|
||||||
PGPSignature signature = info.getLatestDirectKeySelfSignature();
|
PGPSignature signature = info.getLatestDirectKeySelfSignature();
|
||||||
|
|
||||||
assertNotNull(signature);
|
assertNotNull(signature);
|
||||||
|
|
Loading…
Reference in a new issue