parent
1aca7112d2
commit
e374951ed0
|
|
@ -1,141 +0,0 @@
|
|||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.signature.consumer;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.NoSuchElementException;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
import javax.annotation.Nullable;
|
||||
|
||||
import org.bouncycastle.bcpg.sig.NotationData;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
|
||||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.key.info.KeyRingInfo;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.signature.builder.DirectKeySignatureBuilder;
|
||||
import org.pgpainless.signature.builder.SelfSignatureBuilder;
|
||||
|
||||
public class ProofUtil {
|
||||
|
||||
public PGPSecretKeyRing addProof(PGPSecretKeyRing secretKey, SecretKeyRingProtector protector, Proof proof)
|
||||
throws PGPException {
|
||||
return addProofs(secretKey, protector, Collections.singletonList(proof));
|
||||
}
|
||||
|
||||
public PGPSecretKeyRing addProofs(PGPSecretKeyRing secretKey, SecretKeyRingProtector protector, List<Proof> proofs)
|
||||
throws PGPException {
|
||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKey);
|
||||
return addProofs(secretKey, protector, info.getPrimaryUserId(), proofs);
|
||||
}
|
||||
|
||||
public PGPSecretKeyRing addProof(PGPSecretKeyRing secretKey, SecretKeyRingProtector protector, String userId, Proof proof)
|
||||
throws PGPException {
|
||||
return addProofs(secretKey, protector, userId, Collections.singletonList(proof));
|
||||
}
|
||||
|
||||
public PGPSecretKeyRing addProofs(PGPSecretKeyRing secretKey, SecretKeyRingProtector protector,
|
||||
@Nullable String userId, List<Proof> proofs)
|
||||
throws PGPException {
|
||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKey);
|
||||
PGPSecretKey certificationKey = secretKey.getSecretKey();
|
||||
PGPPublicKey certificationPubKey = certificationKey.getPublicKey();
|
||||
PGPSignature certification = null;
|
||||
|
||||
// null userid -> make direct key sig
|
||||
if (userId == null) {
|
||||
PGPSignature previousCertification = info.getLatestDirectKeySelfSignature();
|
||||
if (previousCertification == null) {
|
||||
throw new NoSuchElementException("No previous valid direct key signature found.");
|
||||
}
|
||||
|
||||
DirectKeySignatureBuilder sigBuilder = new DirectKeySignatureBuilder(certificationKey, protector, previousCertification);
|
||||
for (Proof proof : proofs) {
|
||||
sigBuilder.getHashedSubpackets().addNotationData(false, proof.getNotationName(), proof.getNotationValue());
|
||||
}
|
||||
certification = sigBuilder.build(certificationPubKey);
|
||||
certificationPubKey = PGPPublicKey.addCertification(certificationPubKey, certification);
|
||||
} else {
|
||||
if (!info.isUserIdValid(userId)) {
|
||||
throw new IllegalArgumentException("User ID " + userId + " seems to not be valid for this key.");
|
||||
}
|
||||
PGPSignature previousCertification = info.getLatestUserIdCertification(userId);
|
||||
if (previousCertification == null) {
|
||||
throw new NoSuchElementException("No previous valid user-id certification found.");
|
||||
}
|
||||
|
||||
SelfSignatureBuilder sigBuilder = new SelfSignatureBuilder(certificationKey, protector, previousCertification);
|
||||
for (Proof proof : proofs) {
|
||||
sigBuilder.getHashedSubpackets().addNotationData(false, proof.getNotationName(), proof.getNotationValue());
|
||||
}
|
||||
certification = sigBuilder.build(certificationPubKey, userId);
|
||||
certificationPubKey = PGPPublicKey.addCertification(certificationPubKey, userId, certification);
|
||||
}
|
||||
certificationKey = PGPSecretKey.replacePublicKey(certificationKey, certificationPubKey);
|
||||
secretKey = PGPSecretKeyRing.insertSecretKey(secretKey, certificationKey);
|
||||
|
||||
return secretKey;
|
||||
}
|
||||
|
||||
public static class Proof {
|
||||
public static final String NOTATION_NAME = "proof@metacode.biz";
|
||||
private final String notationValue;
|
||||
|
||||
public Proof(String notationValue) {
|
||||
if (notationValue == null) {
|
||||
throw new IllegalArgumentException("Notation value cannot be null.");
|
||||
}
|
||||
String trimmed = notationValue.trim();
|
||||
if (trimmed.isEmpty()) {
|
||||
throw new IllegalArgumentException("Notation value cannot be empty.");
|
||||
}
|
||||
this.notationValue = trimmed;
|
||||
}
|
||||
|
||||
public String getNotationName() {
|
||||
return NOTATION_NAME;
|
||||
}
|
||||
|
||||
public String getNotationValue() {
|
||||
return notationValue;
|
||||
}
|
||||
|
||||
public static Proof fromMatrixPermalink(String username, String eventPermalink) {
|
||||
Pattern pattern = Pattern.compile("^https:\\/\\/matrix\\.to\\/#\\/(![a-zA-Z]{18}:matrix\\.org)\\/(\\$[a-zA-Z0-9\\-_]{43})\\?via=.*$");
|
||||
Matcher matcher = pattern.matcher(eventPermalink);
|
||||
if (!matcher.matches()) {
|
||||
throw new IllegalArgumentException("Invalid matrix event permalink.");
|
||||
}
|
||||
String roomId = matcher.group(1);
|
||||
String eventId = matcher.group(2);
|
||||
return new Proof(String.format("matrix:u/%s?org.keyoxide.r=%s&org.keyoxide.e=%s", username, roomId, eventId));
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getNotationName() + "=" + getNotationValue();
|
||||
}
|
||||
}
|
||||
|
||||
public static List<Proof> getProofs(PGPSignature signature) {
|
||||
PGPSignatureSubpacketVector hashedSubpackets = signature.getHashedSubPackets();
|
||||
NotationData[] notations = hashedSubpackets.getNotationDataOccurrences();
|
||||
|
||||
List<Proof> proofs = new ArrayList<>();
|
||||
for (NotationData notation : notations) {
|
||||
if (notation.getNotationName().equals(Proof.NOTATION_NAME)) {
|
||||
proofs.add(new Proof(notation.getNotationValue()));
|
||||
}
|
||||
}
|
||||
return proofs;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,77 +0,0 @@
|
|||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.signature.builder;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.key.info.KeyRingInfo;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.signature.consumer.ProofUtil;
|
||||
|
||||
public class ProofUtilTest {
|
||||
|
||||
@Test
|
||||
public void testEmptyProofThrows() {
|
||||
assertThrows(IllegalArgumentException.class, () -> new ProofUtil.Proof(""));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNullProofThrows() {
|
||||
assertThrows(IllegalArgumentException.class, () -> new ProofUtil.Proof(null));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void proofIsTrimmed() {
|
||||
ProofUtil.Proof proof = new ProofUtil.Proof(" foo:bar ");
|
||||
assertEquals("proof@metacode.biz=foo:bar", proof.toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMatrixProof() {
|
||||
String matrixUser = "@foo:matrix.org";
|
||||
String permalink = "https://matrix.to/#/!dBfQZxCoGVmSTujfiv:matrix.org/$3dVX1nv3lmwnKxc0mgto_Sf-REVr45Z6G7LWLWal10w?via=chat.matrix.org";
|
||||
ProofUtil.Proof proof = ProofUtil.Proof.fromMatrixPermalink(matrixUser, permalink);
|
||||
|
||||
assertEquals("proof@metacode.biz=matrix:u/@foo:matrix.org?org.keyoxide.r=!dBfQZxCoGVmSTujfiv:matrix.org&org.keyoxide.e=$3dVX1nv3lmwnKxc0mgto_Sf-REVr45Z6G7LWLWal10w",
|
||||
proof.toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testXmppBasicProof() {
|
||||
String jid = "alice@pgpainless.org";
|
||||
ProofUtil.Proof proof = new ProofUtil.Proof("xmpp:" + jid);
|
||||
|
||||
assertEquals("proof@metacode.biz=xmpp:alice@pgpainless.org", proof.toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAddProof()
|
||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
|
||||
String userId = "Alice <alice@pgpainless.org>";
|
||||
PGPSecretKeyRing secretKey = PGPainless.generateKeyRing()
|
||||
.modernKeyRing(userId, null);
|
||||
Thread.sleep(1000L);
|
||||
secretKey = new ProofUtil().addProof(
|
||||
secretKey,
|
||||
SecretKeyRingProtector.unprotectedKeys(),
|
||||
new ProofUtil.Proof("xmpp:alice@pgpainless.org"));
|
||||
|
||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKey);
|
||||
PGPSignature signature = info.getLatestUserIdCertification(userId);
|
||||
assertNotNull(signature);
|
||||
assertFalse(ProofUtil.getProofs(signature).isEmpty());
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue