1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-08 19:27:57 +01:00

Add PGPKeyRingExtensions class and make use of it

This commit is contained in:
Paul Schaub 2023-09-06 16:49:28 +02:00
parent 6a23016104
commit e8fef1f1f3
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
4 changed files with 36 additions and 28 deletions

View file

@ -0,0 +1,15 @@
// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.bouncycastle.extensions
import org.bouncycastle.openpgp.PGPKeyRing
import org.pgpainless.key.SubkeyIdentifier
/**
* Return true, if this [PGPKeyRing] contains the subkey identified by the [SubkeyIdentifier].
*/
fun PGPKeyRing.matches(subkeyIdentifier: SubkeyIdentifier): Boolean =
this.publicKey.keyID == subkeyIdentifier.primaryKeyId &&
this.getPublicKey(subkeyIdentifier.subkeyId) != null

View file

@ -4,6 +4,7 @@
package org.pgpainless.decryption_verification
import org.bouncycastle.extensions.matches
import org.bouncycastle.openpgp.PGPKeyRing
import org.bouncycastle.openpgp.PGPLiteralData
import org.pgpainless.algorithm.CompressionAlgorithm
@ -227,10 +228,9 @@ class MessageMetadata(
*/
@JvmOverloads
fun isAuthenticatablySignedBy(userId: String, email: Boolean, certificateAuthority: CertificateAuthority, targetAmount: Int = 120): Boolean {
return verifiedSignatures.any {
certificateAuthority.authenticateBinding(
it.signingKey.fingerprint, userId, email, it.signature.creationTime, targetAmount
).authenticated
return verifiedSignatures.any { certificateAuthority
.authenticateBinding(it.signingKey.fingerprint, userId, email, it.signature.creationTime, targetAmount)
.authenticated
}
}
@ -241,31 +241,23 @@ class MessageMetadata(
* @param fingerprint fingerprint
* @return true if message was signed by a cert identified by the given fingerprint
*/
fun isVerifiedSignedBy(fingerprint: OpenPgpFingerprint) = verifiedSignatures.any {
it.signingKey.primaryKeyFingerprint == fingerprint || it.signingKey.subkeyFingerprint == fingerprint
}
fun isVerifiedSignedBy(fingerprint: OpenPgpFingerprint) =
verifiedSignatures.any { it.signingKey.matches(fingerprint) }
fun isVerifiedSignedBy(keys: PGPKeyRing) = containsSignatureBy(verifiedSignatures, keys)
fun isVerifiedSignedBy(keys: PGPKeyRing) =
verifiedSignatures.any { keys.matches(it.signingKey) }
fun isVerifiedDetachedSignedBy(fingerprint: OpenPgpFingerprint) = verifiedDetachedSignatures.any {
it.signingKey.primaryKeyFingerprint == fingerprint || it.signingKey.subkeyFingerprint == fingerprint
}
fun isVerifiedDetachedSignedBy(fingerprint: OpenPgpFingerprint) =
verifiedDetachedSignatures.any { it.signingKey.matches(fingerprint) }
fun isVerifiedDetachedSignedBy(keys: PGPKeyRing) = containsSignatureBy(verifiedDetachedSignatures, keys)
fun isVerifiedDetachedSignedBy(keys: PGPKeyRing) =
verifiedDetachedSignatures.any { keys.matches(it.signingKey) }
fun isVerifiedInlineSignedBy(fingerprint: OpenPgpFingerprint) = verifiedInlineSignatures.any {
it.signingKey.primaryKeyFingerprint == fingerprint || it.signingKey.subkeyFingerprint == fingerprint
}
fun isVerifiedInlineSignedBy(fingerprint: OpenPgpFingerprint) =
verifiedInlineSignatures.any { it.signingKey.matches(fingerprint) }
fun isVerifiedInlineSignedBy(keys: PGPKeyRing) = containsSignatureBy(verifiedInlineSignatures, keys)
private fun containsSignatureBy(signatures: List<SignatureVerification>, keys: PGPKeyRing) =
signatures.any {
// Match certificate by primary key id
keys.publicKey.keyID == it.signingKey.primaryKeyId &&
// match signing subkey
keys.getPublicKey(it.signingKey.subkeyId) != null
}
fun isVerifiedInlineSignedBy(keys: PGPKeyRing) =
verifiedInlineSignatures.any { keys.matches(it.signingKey) }
// ################################################################################################################
// ### Literal Data ###

View file

@ -4,6 +4,7 @@
package org.pgpainless.encryption_signing
import org.bouncycastle.extensions.matches
import org.bouncycastle.openpgp.PGPLiteralData
import org.bouncycastle.openpgp.PGPPublicKeyRing
import org.bouncycastle.openpgp.PGPSignature
@ -39,10 +40,7 @@ data class EncryptionResult(
* @param certificate certificate
* @return true if encrypted for 1+ subkeys, false otherwise.
*/
fun isEncryptedFor(certificate: PGPPublicKeyRing) = recipients.any {
certificate.publicKey.keyID == it.primaryKeyId &&
certificate.getPublicKey(it.subkeyId) != null
}
fun isEncryptedFor(certificate: PGPPublicKeyRing) = recipients.any { certificate.matches(it) }
companion object {
/**

View file

@ -31,6 +31,9 @@ class SubkeyIdentifier(
val subkeyId = subkeyFingerprint.keyId
val primaryKeyId = primaryKeyFingerprint.keyId
fun matches(fingerprint: OpenPgpFingerprint) =
primaryKeyFingerprint == fingerprint || subkeyFingerprint == fingerprint
override fun equals(other: Any?): Boolean {
if (other == null) {
return false