mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 03:17:58 +01:00
Started working on proofs
This commit is contained in:
parent
8b5ffedd29
commit
e9dc26b1da
8 changed files with 469 additions and 4 deletions
|
@ -0,0 +1,141 @@
|
|||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.signature;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.NoSuchElementException;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
import javax.annotation.Nullable;
|
||||
|
||||
import org.bouncycastle.bcpg.sig.NotationData;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
|
||||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.key.info.KeyRingInfo;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.signature.builder.CertificationSignatureBuilder;
|
||||
import org.pgpainless.signature.builder.DirectKeySignatureBuilder;
|
||||
|
||||
public class ProofUtil {
|
||||
|
||||
public PGPSecretKeyRing addProof(PGPSecretKeyRing secretKey, SecretKeyRingProtector protector, Proof proof)
|
||||
throws PGPException {
|
||||
return addProofs(secretKey, protector, Collections.singletonList(proof));
|
||||
}
|
||||
|
||||
public PGPSecretKeyRing addProofs(PGPSecretKeyRing secretKey, SecretKeyRingProtector protector, List<Proof> proofs)
|
||||
throws PGPException {
|
||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKey);
|
||||
return addProofs(secretKey, protector, info.getPrimaryUserId(), proofs);
|
||||
}
|
||||
|
||||
public PGPSecretKeyRing addProof(PGPSecretKeyRing secretKey, SecretKeyRingProtector protector, String userId, Proof proof)
|
||||
throws PGPException {
|
||||
return addProofs(secretKey, protector, userId, Collections.singletonList(proof));
|
||||
}
|
||||
|
||||
public PGPSecretKeyRing addProofs(PGPSecretKeyRing secretKey, SecretKeyRingProtector protector,
|
||||
@Nullable String userId, List<Proof> proofs)
|
||||
throws PGPException {
|
||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKey);
|
||||
PGPSecretKey certificationKey = secretKey.getSecretKey();
|
||||
PGPPublicKey certificationPubKey = certificationKey.getPublicKey();
|
||||
PGPSignature certification = null;
|
||||
|
||||
// null userid -> make direct key sig
|
||||
if (userId == null) {
|
||||
PGPSignature previousCertification = info.getLatestDirectKeySelfSignature();
|
||||
if (previousCertification == null) {
|
||||
throw new NoSuchElementException("No previous valid direct key signature found.");
|
||||
}
|
||||
|
||||
DirectKeySignatureBuilder sigBuilder = new DirectKeySignatureBuilder(certificationKey, protector, previousCertification);
|
||||
for (Proof proof : proofs) {
|
||||
sigBuilder.getHashedSubpackets().addNotationData(false, proof.getNotationName(), proof.getNotationValue());
|
||||
}
|
||||
certification = sigBuilder.build(certificationPubKey);
|
||||
certificationPubKey = PGPPublicKey.addCertification(certificationPubKey, certification);
|
||||
} else {
|
||||
if (!info.isUserIdValid(userId)) {
|
||||
throw new IllegalArgumentException("User ID " + userId + " seems to not be valid for this key.");
|
||||
}
|
||||
PGPSignature previousCertification = info.getLatestUserIdCertification(userId);
|
||||
if (previousCertification == null) {
|
||||
throw new NoSuchElementException("No previous valid user-id certification found.");
|
||||
}
|
||||
|
||||
CertificationSignatureBuilder sigBuilder = new CertificationSignatureBuilder(certificationKey, protector, previousCertification);
|
||||
for (Proof proof : proofs) {
|
||||
sigBuilder.getHashedSubpackets().addNotationData(false, proof.getNotationName(), proof.getNotationValue());
|
||||
}
|
||||
certification = sigBuilder.build(certificationPubKey, userId);
|
||||
certificationPubKey = PGPPublicKey.addCertification(certificationPubKey, userId, certification);
|
||||
}
|
||||
certificationKey = PGPSecretKey.replacePublicKey(certificationKey, certificationPubKey);
|
||||
secretKey = PGPSecretKeyRing.insertSecretKey(secretKey, certificationKey);
|
||||
|
||||
return secretKey;
|
||||
}
|
||||
|
||||
public static class Proof {
|
||||
public static final String NOTATION_NAME = "proof@metacode.biz";
|
||||
private final String notationValue;
|
||||
|
||||
public Proof(String notationValue) {
|
||||
if (notationValue == null) {
|
||||
throw new IllegalArgumentException("Notation value cannot be null.");
|
||||
}
|
||||
String trimmed = notationValue.trim();
|
||||
if (trimmed.isEmpty()) {
|
||||
throw new IllegalArgumentException("Notation value cannot be empty.");
|
||||
}
|
||||
this.notationValue = trimmed;
|
||||
}
|
||||
|
||||
public String getNotationName() {
|
||||
return NOTATION_NAME;
|
||||
}
|
||||
|
||||
public String getNotationValue() {
|
||||
return notationValue;
|
||||
}
|
||||
|
||||
public static Proof fromMatrixPermalink(String username, String eventPermalink) {
|
||||
Pattern pattern = Pattern.compile("^https:\\/\\/matrix\\.to\\/#\\/(![a-zA-Z]{18}:matrix\\.org)\\/(\\$[a-zA-Z0-9\\-_]{43})\\?via=.*$");
|
||||
Matcher matcher = pattern.matcher(eventPermalink);
|
||||
if (!matcher.matches()) {
|
||||
throw new IllegalArgumentException("Invalid matrix event permalink.");
|
||||
}
|
||||
String roomId = matcher.group(1);
|
||||
String eventId = matcher.group(2);
|
||||
return new Proof(String.format("matrix:u/%s?org.keyoxide.r=%s&org.keyoxide.e=%s", username, roomId, eventId));
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getNotationName() + "=" + getNotationValue();
|
||||
}
|
||||
}
|
||||
|
||||
public static List<Proof> getProofs(PGPSignature signature) {
|
||||
PGPSignatureSubpacketVector hashedSubpackets = signature.getHashedSubPackets();
|
||||
NotationData[] notations = hashedSubpackets.getNotationDataOccurrences();
|
||||
|
||||
List<Proof> proofs = new ArrayList<>();
|
||||
for (NotationData notation : notations) {
|
||||
if (notation.getNotationName().equals(Proof.NOTATION_NAME)) {
|
||||
proofs.add(new Proof(notation.getNotationValue()));
|
||||
}
|
||||
}
|
||||
return proofs;
|
||||
}
|
||||
}
|
|
@ -10,6 +10,7 @@ import org.bouncycastle.openpgp.PGPException;
|
|||
import org.bouncycastle.openpgp.PGPPrivateKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.PGPSignatureGenerator;
|
||||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.algorithm.HashAlgorithm;
|
||||
|
@ -46,6 +47,20 @@ public abstract class AbstractSignatureBuilder<B extends AbstractSignatureBuilde
|
|||
hashedSubpackets = new SignatureSubpacketGeneratorWrapper(publicSigningKey);
|
||||
}
|
||||
|
||||
public AbstractSignatureBuilder(PGPSecretKey certificationKey, SecretKeyRingProtector protector, PGPSignature archetypeSignature) throws WrongPassphraseException {
|
||||
SignatureType type = SignatureType.valueOf(archetypeSignature.getSignatureType());
|
||||
if (!isValidSignatureType(type)) {
|
||||
throw new IllegalArgumentException("Invalid signature type.");
|
||||
}
|
||||
this.signatureType = SignatureType.valueOf(archetypeSignature.getSignatureType());
|
||||
this.privateSigningKey = UnlockSecretKey.unlockSecretKey(certificationKey, protector);
|
||||
this.publicSigningKey = certificationKey.getPublicKey();
|
||||
this.hashAlgorithm = negotiateHashAlgorithm(publicSigningKey);
|
||||
|
||||
unhashedSubpackets = new SignatureSubpacketGeneratorWrapper(archetypeSignature.getUnhashedSubPackets());
|
||||
hashedSubpackets = new SignatureSubpacketGeneratorWrapper(publicSigningKey, archetypeSignature.getHashedSubPackets());
|
||||
}
|
||||
|
||||
protected HashAlgorithm negotiateHashAlgorithm(PGPPublicKey publicKey) {
|
||||
Set<HashAlgorithm> hashAlgorithmPreferences = OpenPgpKeyAttributeUtil.getOrGuessPreferredHashAlgorithms(publicKey);
|
||||
return HashAlgorithmNegotiator.negotiateSignatureHashAlgorithm(PGPainless.getPolicy())
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
|
||||
package org.pgpainless.signature.builder;
|
||||
|
||||
import javax.annotation.Nonnull;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
|
@ -12,6 +14,7 @@ import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector;
|
|||
import org.pgpainless.algorithm.SignatureType;
|
||||
import org.pgpainless.exception.WrongPassphraseException;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
||||
|
||||
public class CertificationSignatureBuilder extends AbstractSignatureBuilder<CertificationSignatureBuilder> {
|
||||
|
||||
|
@ -19,6 +22,18 @@ public class CertificationSignatureBuilder extends AbstractSignatureBuilder<Cert
|
|||
super(SignatureType.GENERIC_CERTIFICATION, certificationKey, protector);
|
||||
}
|
||||
|
||||
public CertificationSignatureBuilder(PGPSecretKey certificationKey, SecretKeyRingProtector protector, PGPSignature archetypeSignature) throws WrongPassphraseException {
|
||||
super(certificationKey, protector, archetypeSignature);
|
||||
}
|
||||
|
||||
public SelfSignatureSubpackets getHashedSubpackets() {
|
||||
return hashedSubpackets;
|
||||
}
|
||||
|
||||
public SelfSignatureSubpackets getUnhashedSubpackets() {
|
||||
return unhashedSubpackets;
|
||||
}
|
||||
|
||||
public PGPSignature build(PGPPublicKey certifiedKey, String userId) throws PGPException {
|
||||
return buildAndInitSignatureGenerator().generateCertification(userId, certifiedKey);
|
||||
}
|
||||
|
@ -28,8 +43,8 @@ public class CertificationSignatureBuilder extends AbstractSignatureBuilder<Cert
|
|||
}
|
||||
|
||||
@Override
|
||||
protected boolean isValidSignatureType(SignatureType type) {
|
||||
switch (signatureType) {
|
||||
protected boolean isValidSignatureType(@Nonnull SignatureType type) {
|
||||
switch (type) {
|
||||
case GENERIC_CERTIFICATION:
|
||||
case NO_CERTIFICATION:
|
||||
case CASUAL_CERTIFICATION:
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.signature.builder;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.pgpainless.algorithm.SignatureType;
|
||||
import org.pgpainless.exception.WrongPassphraseException;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
||||
|
||||
public class DirectKeySignatureBuilder extends AbstractSignatureBuilder<DirectKeySignatureBuilder> {
|
||||
|
||||
public DirectKeySignatureBuilder(PGPSecretKey certificationKey, SecretKeyRingProtector protector, PGPSignature archetypeSignature) throws WrongPassphraseException {
|
||||
super(certificationKey, protector, archetypeSignature);
|
||||
}
|
||||
|
||||
public DirectKeySignatureBuilder(SignatureType signatureType, PGPSecretKey signingKey, SecretKeyRingProtector protector) throws WrongPassphraseException {
|
||||
super(signatureType, signingKey, protector);
|
||||
}
|
||||
|
||||
public SelfSignatureSubpackets getHashedSubpackets() {
|
||||
return hashedSubpackets;
|
||||
}
|
||||
|
||||
public SelfSignatureSubpackets getUnhashedSubpackets() {
|
||||
return unhashedSubpackets;
|
||||
}
|
||||
|
||||
public PGPSignature build(PGPPublicKey key) throws PGPException {
|
||||
return buildAndInitSignatureGenerator()
|
||||
.generateCertification(key);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean isValidSignatureType(SignatureType type) {
|
||||
return type == SignatureType.DIRECT_KEY;
|
||||
}
|
||||
}
|
|
@ -64,6 +64,8 @@ public interface BaseSignatureSubpackets {
|
|||
|
||||
SignatureSubpacketGeneratorWrapper addNotationData(boolean isCritical, @Nonnull String notationName, @Nonnull String notationValue);
|
||||
|
||||
SignatureSubpacketGeneratorWrapper addNotationData(boolean isCritical, boolean isHumanReadable, @Nonnull String notationName, @Nonnull String notationValue);
|
||||
|
||||
SignatureSubpacketGeneratorWrapper addNotationData(@Nonnull NotationData notationData);
|
||||
|
||||
SignatureSubpacketGeneratorWrapper clearNotationData();
|
||||
|
|
|
@ -39,6 +39,7 @@ import org.bouncycastle.bcpg.sig.TrustSignature;
|
|||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
|
||||
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
|
||||
import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||
import org.pgpainless.algorithm.Feature;
|
||||
import org.pgpainless.algorithm.HashAlgorithm;
|
||||
|
@ -71,16 +72,125 @@ public class SignatureSubpacketGeneratorWrapper
|
|||
private PrimaryUserID primaryUserId;
|
||||
private Revocable revocable;
|
||||
private RevocationReason revocationReason;
|
||||
private final List<SignatureSubpacket> unsupportedSubpackets = new ArrayList<>();
|
||||
|
||||
public SignatureSubpacketGeneratorWrapper() {
|
||||
setSignatureCreationTime(new Date());
|
||||
}
|
||||
|
||||
public SignatureSubpacketGeneratorWrapper(PGPPublicKey issuer) {
|
||||
this();
|
||||
setSignatureCreationTime(new Date());
|
||||
setIssuerFingerprintAndKeyId(issuer);
|
||||
}
|
||||
|
||||
public SignatureSubpacketGeneratorWrapper(PGPPublicKey issuer, PGPSignatureSubpacketVector base) {
|
||||
extractSubpacketsFromVector(base);
|
||||
setSignatureCreationTime(new Date());
|
||||
setIssuerFingerprintAndKeyId(issuer);
|
||||
}
|
||||
|
||||
public SignatureSubpacketGeneratorWrapper(PGPSignatureSubpacketVector base) {
|
||||
extractSubpacketsFromVector(base);
|
||||
setSignatureCreationTime(new Date());
|
||||
}
|
||||
|
||||
private void extractSubpacketsFromVector(PGPSignatureSubpacketVector base) {
|
||||
for (SignatureSubpacket subpacket : base.toArray()) {
|
||||
org.pgpainless.algorithm.SignatureSubpacket type = org.pgpainless.algorithm.SignatureSubpacket.fromCode(subpacket.getType());
|
||||
switch (type) {
|
||||
case signatureCreationTime:
|
||||
case issuerKeyId:
|
||||
case issuerFingerprint:
|
||||
// ignore, we override this anyways
|
||||
break;
|
||||
case signatureExpirationTime:
|
||||
SignatureExpirationTime sigExpTime = (SignatureExpirationTime) subpacket;
|
||||
setSignatureExpirationTime(sigExpTime.isCritical(), sigExpTime.getTime());
|
||||
break;
|
||||
case exportableCertification:
|
||||
Exportable exp = (Exportable) subpacket;
|
||||
setExportable(exp.isCritical(), exp.isExportable());
|
||||
break;
|
||||
case trustSignature:
|
||||
TrustSignature trustSignature = (TrustSignature) subpacket;
|
||||
setTrust(trustSignature.isCritical(), trustSignature.getDepth(), trustSignature.getTrustAmount());
|
||||
break;
|
||||
case revocable:
|
||||
Revocable rev = (Revocable) subpacket;
|
||||
setRevocable(rev.isCritical(), rev.isRevocable());
|
||||
break;
|
||||
case keyExpirationTime:
|
||||
KeyExpirationTime keyExpTime = (KeyExpirationTime) subpacket;
|
||||
setKeyExpirationTime(keyExpTime.isCritical(), keyExpTime.getTime());
|
||||
break;
|
||||
case preferredSymmetricAlgorithms:
|
||||
setPreferredSymmetricKeyAlgorithms((PreferredAlgorithms) subpacket);
|
||||
break;
|
||||
case revocationKey:
|
||||
RevocationKey revocationKey = (RevocationKey) subpacket;
|
||||
addRevocationKey(revocationKey);
|
||||
break;
|
||||
case notationData:
|
||||
NotationData notationData = (NotationData) subpacket;
|
||||
addNotationData(notationData.isCritical(), notationData.getNotationName(), notationData.getNotationValue());
|
||||
break;
|
||||
case preferredHashAlgorithms:
|
||||
setPreferredHashAlgorithms((PreferredAlgorithms) subpacket);
|
||||
break;
|
||||
case preferredCompressionAlgorithms:
|
||||
setPreferredCompressionAlgorithms((PreferredAlgorithms) subpacket);
|
||||
break;
|
||||
case primaryUserId:
|
||||
PrimaryUserID primaryUserID = (PrimaryUserID) subpacket;
|
||||
setPrimaryUserId(primaryUserID);
|
||||
break;
|
||||
case keyFlags:
|
||||
KeyFlags flags = (KeyFlags) subpacket;
|
||||
setKeyFlags(flags.isCritical(), KeyFlag.fromBitmask(flags.getFlags()).toArray(new KeyFlag[0]));
|
||||
break;
|
||||
case signerUserId:
|
||||
SignerUserID signerUserID = (SignerUserID) subpacket;
|
||||
setSignerUserId(signerUserID.isCritical(), signerUserID.getID());
|
||||
break;
|
||||
case revocationReason:
|
||||
RevocationReason reason = (RevocationReason) subpacket;
|
||||
setRevocationReason(reason.isCritical(),
|
||||
RevocationAttributes.Reason.fromCode(reason.getRevocationReason()),
|
||||
reason.getRevocationDescription());
|
||||
break;
|
||||
case features:
|
||||
Features f = (Features) subpacket;
|
||||
setFeatures(f.isCritical(), Feature.fromBitmask(f.getData()[0]).toArray(new Feature[0]));
|
||||
break;
|
||||
case signatureTarget:
|
||||
SignatureTarget target = (SignatureTarget) subpacket;
|
||||
setSignatureTarget(target.isCritical(),
|
||||
PublicKeyAlgorithm.fromId(target.getPublicKeyAlgorithm()),
|
||||
HashAlgorithm.fromId(target.getHashAlgorithm()),
|
||||
target.getHashData());
|
||||
break;
|
||||
case embeddedSignature:
|
||||
EmbeddedSignature embeddedSignature = (EmbeddedSignature) subpacket;
|
||||
addEmbeddedSignature(embeddedSignature);
|
||||
break;
|
||||
case intendedRecipientFingerprint:
|
||||
IntendedRecipientFingerprint intendedRecipientFingerprint = (IntendedRecipientFingerprint) subpacket;
|
||||
addIntendedRecipientFingerprint(intendedRecipientFingerprint);
|
||||
break;
|
||||
|
||||
case regularExpression:
|
||||
case keyServerPreferences:
|
||||
case preferredKeyServers:
|
||||
case policyUrl:
|
||||
case placeholder:
|
||||
case preferredAEADAlgorithms:
|
||||
case attestedCertification:
|
||||
unsupportedSubpackets.add(subpacket);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public PGPSignatureSubpacketGenerator getGenerator() {
|
||||
PGPSignatureSubpacketGenerator generator = new PGPSignatureSubpacketGenerator();
|
||||
|
||||
|
@ -113,6 +223,9 @@ public class SignatureSubpacketGeneratorWrapper
|
|||
addSubpacket(generator, primaryUserId);
|
||||
addSubpacket(generator, revocable);
|
||||
addSubpacket(generator, revocationReason);
|
||||
for (SignatureSubpacket subpacket : unsupportedSubpackets) {
|
||||
addSubpacket(generator, subpacket);
|
||||
}
|
||||
|
||||
return generator;
|
||||
}
|
||||
|
@ -381,7 +494,12 @@ public class SignatureSubpacketGeneratorWrapper
|
|||
|
||||
@Override
|
||||
public SignatureSubpacketGeneratorWrapper addNotationData(boolean isCritical, @Nonnull String notationName, @Nonnull String notationValue) {
|
||||
return addNotationData(new NotationData(isCritical, true, notationName, notationValue));
|
||||
return addNotationData(isCritical, true, notationName, notationValue);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SignatureSubpacketGeneratorWrapper addNotationData(boolean isCritical, boolean isHumanReadable, @Nonnull String notationName, @Nonnull String notationValue) {
|
||||
return addNotationData(new NotationData(isCritical, isHumanReadable, notationName, notationValue));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.signature.builder;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.key.info.KeyRingInfo;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.signature.ProofUtil;
|
||||
|
||||
public class ProofUtilTest {
|
||||
|
||||
@Test
|
||||
public void testEmptyProofThrows() {
|
||||
assertThrows(IllegalArgumentException.class, () -> new ProofUtil.Proof(""));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNullProofThrows() {
|
||||
assertThrows(IllegalArgumentException.class, () -> new ProofUtil.Proof(null));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void proofIsTrimmed() {
|
||||
ProofUtil.Proof proof = new ProofUtil.Proof(" foo:bar ");
|
||||
assertEquals("proof@metacode.biz=foo:bar", proof.toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMatrixProof() {
|
||||
String matrixUser = "@foo:matrix.org";
|
||||
String permalink = "https://matrix.to/#/!dBfQZxCoGVmSTujfiv:matrix.org/$3dVX1nv3lmwnKxc0mgto_Sf-REVr45Z6G7LWLWal10w?via=chat.matrix.org";
|
||||
ProofUtil.Proof proof = ProofUtil.Proof.fromMatrixPermalink(matrixUser, permalink);
|
||||
|
||||
assertEquals("proof@metacode.biz=matrix:u/@foo:matrix.org?org.keyoxide.r=!dBfQZxCoGVmSTujfiv:matrix.org&org.keyoxide.e=$3dVX1nv3lmwnKxc0mgto_Sf-REVr45Z6G7LWLWal10w",
|
||||
proof.toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testXmppBasicProof() {
|
||||
String jid = "alice@pgpainless.org";
|
||||
ProofUtil.Proof proof = new ProofUtil.Proof("xmpp:" + jid);
|
||||
|
||||
assertEquals("proof@metacode.biz=xmpp:alice@pgpainless.org", proof.toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAddProof() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, InterruptedException {
|
||||
String userId = "Alice <alice@pgpainless.org>";
|
||||
PGPSecretKeyRing secretKey = PGPainless.generateKeyRing()
|
||||
.modernKeyRing(userId, null);
|
||||
Thread.sleep(1000L);
|
||||
secretKey = new ProofUtil()
|
||||
.addProof(secretKey, SecretKeyRingProtector.unprotectedKeys(), new ProofUtil.Proof("xmpp:alice@pgpainless.org"));
|
||||
|
||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKey);
|
||||
PGPSignature signature = info.getLatestUserIdCertification(userId);
|
||||
assertNotNull(signature);
|
||||
assertFalse(ProofUtil.getProofs(signature).isEmpty());
|
||||
}
|
||||
}
|
|
@ -0,0 +1,56 @@
|
|||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.signature.builder;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.List;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.algorithm.EncryptionPurpose;
|
||||
import org.pgpainless.algorithm.KeyFlag;
|
||||
import org.pgpainless.algorithm.SignatureType;
|
||||
import org.pgpainless.key.info.KeyRingInfo;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.util.Passphrase;
|
||||
|
||||
public class SubkeyBindingSignatureBuilderTest {
|
||||
|
||||
@Test
|
||||
public void testBindSubkeyWithCustomNotation() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
|
||||
PGPSecretKeyRing secretKey = PGPainless.generateKeyRing()
|
||||
.modernKeyRing("Alice <alice@pgpainless.org>", "passphrase");
|
||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKey);
|
||||
List<PGPPublicKey> previousSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS);
|
||||
SecretKeyRingProtector protector = SecretKeyRingProtector.unlockAllKeysWith(Passphrase.fromPassword("passphrase"), secretKey);
|
||||
|
||||
PGPSecretKeyRing tempSubkeyRing = PGPainless.generateKeyRing()
|
||||
.modernKeyRing("Subkeys", null);
|
||||
PGPPublicKey subkey = PGPainless.inspectKeyRing(tempSubkeyRing)
|
||||
.getEncryptionSubkeys(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS).get(0);
|
||||
|
||||
SubkeyBindingSignatureBuilder skbb = new SubkeyBindingSignatureBuilder(SignatureType.SUBKEY_BINDING, secretKey.getSecretKey(), protector);
|
||||
skbb.getHashedSubpackets().addNotationData(false, "testnotation@pgpainless.org", "hello-world");
|
||||
skbb.getHashedSubpackets().setKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE);
|
||||
PGPSignature binding = skbb.build(subkey);
|
||||
subkey = PGPPublicKey.addCertification(subkey, binding);
|
||||
PGPSecretKey secSubkey = tempSubkeyRing.getSecretKey(subkey.getKeyID());
|
||||
secSubkey = PGPSecretKey.replacePublicKey(secSubkey, subkey);
|
||||
secretKey = PGPSecretKeyRing.insertSecretKey(secretKey, secSubkey);
|
||||
|
||||
info = PGPainless.inspectKeyRing(secretKey);
|
||||
List<PGPPublicKey> nextSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS);
|
||||
assertEquals(previousSubkeys.size() + 1, nextSubkeys.size());
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue