1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-27 06:42:05 +01:00

Allow for setting of expiration date during key generation

This commit is contained in:
Paul Schaub 2021-02-13 12:22:28 +01:00
parent 83117c99cb
commit f2f7305fec
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
3 changed files with 30 additions and 0 deletions

View file

@ -66,6 +66,7 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
private String userId; private String userId;
private final Set<String> additionalUserIds = new LinkedHashSet<>(); private final Set<String> additionalUserIds = new LinkedHashSet<>();
private Passphrase passphrase; private Passphrase passphrase;
private Date expirationDate = null;
/** /**
* Creates a simple, unencrypted RSA KeyPair of length {@code length} with user-id {@code userId}. * Creates a simple, unencrypted RSA KeyPair of length {@code length} with user-id {@code userId}.
@ -288,6 +289,16 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
class WithAdditionalUserIdOrPassphraseImpl implements WithAdditionalUserIdOrPassphrase { class WithAdditionalUserIdOrPassphraseImpl implements WithAdditionalUserIdOrPassphrase {
@Override
public WithAdditionalUserIdOrPassphrase setExpirationDate(@Nonnull Date expirationDate) {
Date now = new Date();
if (now.after(expirationDate)) {
throw new IllegalArgumentException("Expiration date must be in the future.");
}
KeyRingBuilder.this.expirationDate = expirationDate;
return this;
}
@Override @Override
public WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId) { public WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId) {
String trimmed = userId.trim(); String trimmed = userId.trim();
@ -341,6 +352,10 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
signatureGenerator = new PGPSignatureGenerator(signer); signatureGenerator = new PGPSignatureGenerator(signer);
PGPSignatureSubpacketGenerator hashedSubPacketGenerator = certKeySpec.getSubpacketGenerator(); PGPSignatureSubpacketGenerator hashedSubPacketGenerator = certKeySpec.getSubpacketGenerator();
hashedSubPacketGenerator.setPrimaryUserID(false, true); hashedSubPacketGenerator.setPrimaryUserID(false, true);
if (expirationDate != null) {
SignatureSubpacketGeneratorUtil.setExpirationDateInSubpacketGenerator(
expirationDate, new Date(), hashedSubPacketGenerator);
}
PGPSignatureSubpacketVector hashedSubPackets = hashedSubPacketGenerator.generate(); PGPSignatureSubpacketVector hashedSubPackets = hashedSubPacketGenerator.generate();
// Generator which the user can get the key pair from // Generator which the user can get the key pair from

View file

@ -17,6 +17,7 @@ package org.pgpainless.key.generation;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Date;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
@ -60,6 +61,14 @@ public interface KeyRingBuilderInterface {
return withAdditionalUserId(userId.toString()); return withAdditionalUserId(userId.toString());
} }
/**
* Set an expiration date for the key.
*
* @param expirationDate date on which the key will expire.
* @return builder
*/
WithAdditionalUserIdOrPassphrase setExpirationDate(@Nonnull Date expirationDate);
WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId); WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId);
WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull byte[] userId); WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull byte[] userId);

View file

@ -22,6 +22,7 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.Iterator; import java.util.Iterator;
import org.bouncycastle.bcpg.ArmoredOutputStream; import org.bouncycastle.bcpg.ArmoredOutputStream;
@ -39,6 +40,8 @@ public class GenerateKeyWithAdditionalUserIdTest {
@Test @Test
public void test() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { public void test() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
Date now = new Date();
Date expiration = new Date(now.getTime() + 1000 * 5);
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS)
@ -47,10 +50,13 @@ public class GenerateKeyWithAdditionalUserIdTest {
.withAdditionalUserId("additional@user.id") .withAdditionalUserId("additional@user.id")
.withAdditionalUserId("additional2@user.id") .withAdditionalUserId("additional2@user.id")
.withAdditionalUserId("\ttrimThis@user.id ") .withAdditionalUserId("\ttrimThis@user.id ")
.setExpirationDate(expiration)
.withoutPassphrase() .withoutPassphrase()
.build(); .build();
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
assertEquals(expiration.getTime(), PGPainless.inspectKeyRing(publicKeys).getExpirationDate().getTime(), 2);
Iterator<String> userIds = publicKeys.getPublicKey().getUserIDs(); Iterator<String> userIds = publicKeys.getPublicKey().getUserIDs();
assertEquals("primary@user.id", userIds.next()); assertEquals("primary@user.id", userIds.next());
assertEquals("additional@user.id", userIds.next()); assertEquals("additional@user.id", userIds.next());