mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-30 00:02:06 +01:00

Add overloaded method for user-id revocation using SelectUserId

Paul Schaub 2021-11-24 15:07:54 +01:00
parent 16e283f3a6
commit cc16a3da88
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
3 changed files with 83 additions and 1 deletions


@ -72,6 +72,7 @@ import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil; import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
import org.pgpainless.util.CollectionUtils; import org.pgpainless.util.CollectionUtils;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
import org.pgpainless.util.selection.userid.SelectUserId;
public class SecretKeyRingEditor implements SecretKeyRingEditorInterface { public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
@ -391,12 +392,25 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
return doRevokeUserId(userId, secretKeyRingProtector, subpacketCallback); return doRevokeUserId(userId, secretKeyRingProtector, subpacketCallback);
} }
@Override
public SecretKeyRingEditorInterface revokeUserIds(SelectUserId userIdSelector, SecretKeyRingProtector secretKeyRingProtector, @Nullable RevocationSignatureSubpackets.Callback subpacketsCallback) throws PGPException {
List<String> selected = userIdSelector.selectUserIds(secretKeyRing);
if (selected.isEmpty()) {
throw new NoSuchElementException("No matching user-ids found on the key.");
}
for (String userId : selected) {
doRevokeUserId(userId, secretKeyRingProtector, subpacketsCallback);
}
return this;
}
private SecretKeyRingEditorInterface doRevokeUserId(String userId, private SecretKeyRingEditorInterface doRevokeUserId(String userId,
SecretKeyRingProtector protector, SecretKeyRingProtector protector,
@Nullable RevocationSignatureSubpackets.Callback callback) @Nullable RevocationSignatureSubpackets.Callback callback)
throws PGPException { throws PGPException {
PGPSecretKey primarySecretKey = secretKeyRing.getSecretKey(); PGPSecretKey primarySecretKey = secretKeyRing.getSecretKey();
PGPPublicKey primaryPublicKey = primarySecretKey.getPublicKey();
RevocationSignatureBuilder signatureBuilder = new RevocationSignatureBuilder( RevocationSignatureBuilder signatureBuilder = new RevocationSignatureBuilder(
SignatureType.CERTIFICATION_REVOCATION, SignatureType.CERTIFICATION_REVOCATION,
primarySecretKey, primarySecretKey,
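Review bot: In `revokeUserIds`, every user-id returned by `userIdSelector.selectUserIds(secretKeyRing)` is handed to `doRevokeUserId` with no check in the visible lines that it is still valid, so a selector that also matches already-revoked user-ids would presumably get a further revocation signature for each of them; whether `selectUserIds` filters those out cannot be seen from this section. The loop also has no guard for a selector that matches every user-id on the key, which would leave the key without a valid user-id. Because a revocation that has been published cannot practically be withdrawn, I would either add those checks or state the intended behaviour above the loop, e.g. `// revokes every match, including the primary user-id; callers must pass a narrow selector`. `doRevokeUserId` continues past the end of this section, so any checks it performs itself are not visible here.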


@ -25,6 +25,7 @@ import org.pgpainless.key.util.UserId;
import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets; import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets;
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets; import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
import org.pgpainless.util.selection.userid.SelectUserId;
public interface SecretKeyRingEditorInterface { public interface SecretKeyRingEditorInterface {
@ -207,6 +208,11 @@ public interface SecretKeyRingEditorInterface {
@Nullable RevocationSignatureSubpackets.Callback subpacketCallback) @Nullable RevocationSignatureSubpackets.Callback subpacketCallback)
throws PGPException; throws PGPException;
SecretKeyRingEditorInterface revokeUserIds(SelectUserId userIdSelector,
SecretKeyRingProtector secretKeyRingProtector,
@Nullable RevocationSignatureSubpackets.Callback subpacketsCallback)
throws PGPException;
/** /**
* Set the expiration date for the primary key of the key ring. * Set the expiration date for the primary key of the key ring.
* If the key is supposed to never expire, then an expiration date of null is expected. * If the key is supposed to never expire, then an expiration date of null is expected.
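Review bot: The `revokeUserIds` declaration added here has no Javadoc, although the declaration that follows it in the interface has one, and the implementation in this commit throws an unchecked `NoSuchElementException` that the signature does not reveal. I would add a Javadoc block stating that every user-id matched by the selector is revoked, that `subpacketsCallback` may be null and is passed along once per revoked user-id, and what the return value is. It should include `@throws NoSuchElementException if the selector matches no user-id on the key` so callers know to handle the empty-selection case.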


@ -0,0 +1,62 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.key.modification;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.util.selection.userid.SelectUserId;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.NoSuchElementException;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class RevokeUserIdsTest {
@Test
public void revokeWithSelectUserId() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.modernKeyRing("Alice <alice@pgpainless.org>", null);
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.addUserId("Allice <alice@example.org>", protector)
.addUserId("Alice <alice@example.org>", protector)
.done();
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
assertTrue(info.isUserIdValid("Alice <alice@pgpainless.org>"));
assertTrue(info.isUserIdValid("Allice <alice@example.org>"));
assertTrue(info.isUserIdValid("Alice <alice@example.org>"));
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.revokeUserIds(SelectUserId.containsEmailAddress("alice@example.org"), protector, null)
.done();
info = PGPainless.inspectKeyRing(secretKeys);
assertTrue(info.isUserIdValid("Alice <alice@pgpainless.org>"));
assertFalse(info.isUserIdValid("Allice <alice@example.org>"));
assertFalse(info.isUserIdValid("Alice <alice@example.org>"));
}
@Test
public void emptySelectionYieldsNoSuchElementException() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.modernKeyRing("Alice <alice@pgpainless.org>", null);
assertThrows(NoSuchElementException.class, () ->
PGPainless.modifyKeyRing(secretKeys).revokeUserIds(
SelectUserId.containsEmailAddress("alice@example.org"),
SecretKeyRingProtector.unprotectedKeys(),
null));
}
}
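Review bot: Both tests pass `null` as the subpackets callback and use a selector that does not match the primary user-id, so the per-user-id callback path and the case where the selection covers every user-id on the key are not exercised. I would add one case with a non-null `RevocationSignatureSubpackets.Callback` that asserts its effect is present for each revoked user-id. A second case should use a selector that also matches `Alice <alice@pgpainless.org>` and assert whatever outcome is intended when no valid user-id would remain.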