223 lines
7.9 KiB
Java
223 lines
7.9 KiB
Java
// SPDX-FileCopyrightText: 2020 Paul Schaub <vanitasvitae@fsfe.org>
|
|
//
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package org.pgpainless.algorithm;
|
|
|
|
import org.bouncycastle.openpgp.PGPSignature;
|
|
|
|
import java.util.Map;
|
|
import java.util.concurrent.ConcurrentHashMap;
|
|
|
|
/**
|
|
* Enum that enlists all the Signature Types defined in rfc4880 section 5.2.1
|
|
* See {@link org.bouncycastle.openpgp.PGPSignature} for comparison.
|
|
*
|
|
* @see <a href="https://tools.ietf.org/html/rfc4880#section-5.11">rfc4880 §5.2.1. Signature Types</a>
|
|
*/
|
|
public enum SignatureType {
|
|
|
|
/**
|
|
* Signature of a binary document.
|
|
* This means the signer owns it, created it, or certifies that it
|
|
* has not been modified.
|
|
*/
|
|
BINARY_DOCUMENT(PGPSignature.BINARY_DOCUMENT),
|
|
|
|
/**
|
|
* Signature of a canonical text document.
|
|
* This means the signer owns it, created it, or certifies that it
|
|
* has not been modified. The signature is calculated over the text
|
|
* data with its line endings converted to {@code <CR><LF>}.
|
|
*/
|
|
CANONICAL_TEXT_DOCUMENT(PGPSignature.CANONICAL_TEXT_DOCUMENT),
|
|
|
|
/**
|
|
* Standalone signature.
|
|
* This signature is a signature of only its own subpacket contents.
|
|
* It is calculated identically to a signature over a zero-length
|
|
* binary document. Note that it doesn't make sense to have a V3
|
|
* standalone signature.
|
|
*/
|
|
STANDALONE(PGPSignature.STAND_ALONE),
|
|
|
|
/**
|
|
* Generic certification of a User ID and Public-Key packet.
|
|
* The issuer of this certification does not make any particular
|
|
* assertion as to how well the certifier has checked that the owner
|
|
* of the key is in fact the person described by the User ID.
|
|
*/
|
|
GENERIC_CERTIFICATION(PGPSignature.DEFAULT_CERTIFICATION),
|
|
|
|
/**
|
|
* Persona certification of a User ID and Public-Key packet.
|
|
* The issuer of this certification has not done any verification of
|
|
* the claim that the owner of this key is the User ID specified.
|
|
*/
|
|
NO_CERTIFICATION(PGPSignature.NO_CERTIFICATION),
|
|
|
|
/**
|
|
* Casual certification of a User ID and Public-Key packet.
|
|
* The issuer of this certification has done some casual
|
|
* verification of the claim of identity.
|
|
*/
|
|
CASUAL_CERTIFICATION(PGPSignature.CASUAL_CERTIFICATION),
|
|
|
|
/**
|
|
* Positive certification of a User ID and Public-Key packet.
|
|
* The issuer of this certification has done substantial
|
|
* verification of the claim of identity.
|
|
*/
|
|
POSITIVE_CERTIFICATION(PGPSignature.POSITIVE_CERTIFICATION),
|
|
|
|
/**
|
|
* Subkey Binding Signature.
|
|
* This signature is a statement by the top-level signing key that
|
|
* indicates that it owns the subkey. This signature is calculated
|
|
* directly on the primary key and subkey, and not on any User ID or
|
|
* other packets. A signature that binds a signing subkey MUST have
|
|
* an Embedded Signature subpacket in this binding signature that
|
|
* contains a {@link #PRIMARYKEY_BINDING} signature made by the
|
|
* signing subkey on the primary key and subkey.
|
|
*/
|
|
SUBKEY_BINDING(PGPSignature.SUBKEY_BINDING),
|
|
|
|
/**
|
|
* Primary Key Binding Signature
|
|
* This signature is a statement by a signing subkey, indicating
|
|
* that it is owned by the primary key and subkey. This signature
|
|
* is calculated the same way as a {@link #SUBKEY_BINDING} signature:
|
|
* directly on the primary key and subkey, and not on any User ID or
|
|
* other packets.
|
|
*/
|
|
PRIMARYKEY_BINDING(PGPSignature.PRIMARYKEY_BINDING),
|
|
|
|
/**
|
|
* Signature directly on a key
|
|
* This signature is calculated directly on a key. It binds the
|
|
* information in the Signature subpackets to the key, and is
|
|
* appropriate to be used for subpackets that provide information
|
|
* about the key, such as the Revocation Key subpacket. It is also
|
|
* appropriate for statements that non-self certifiers want to make
|
|
* about the key itself, rather than the binding between a key and a
|
|
* name.
|
|
*/
|
|
DIRECT_KEY(PGPSignature.DIRECT_KEY),
|
|
|
|
/**
|
|
* Key revocation signature
|
|
* The signature is calculated directly on the key being revoked. A
|
|
* revoked key is not to be used. Only revocation signatures by the
|
|
* key being revoked, or by an authorized revocation key, should be
|
|
* considered valid revocation signatures.
|
|
*/
|
|
KEY_REVOCATION(PGPSignature.KEY_REVOCATION),
|
|
|
|
/**
|
|
* Subkey revocation signature
|
|
* The signature is calculated directly on the subkey being revoked.
|
|
* A revoked subkey is not to be used. Only revocation signatures
|
|
* by the top-level signature key that is bound to this subkey, or
|
|
* by an authorized revocation key, should be considered valid
|
|
* revocation signatures.
|
|
*/
|
|
SUBKEY_REVOCATION(PGPSignature.SUBKEY_REVOCATION),
|
|
|
|
/**
|
|
* Certification revocation signature
|
|
* This signature revokes an earlier User ID certification signature
|
|
* (signature class 0x10 through 0x13) or signature {@link #DIRECT_KEY}.
|
|
* It should be issued by the same key that issued the
|
|
* revoked signature or an authorized revocation key. The signature
|
|
* is computed over the same data as the certificate that it
|
|
* revokes, and should have a later creation date than that
|
|
* certificate.
|
|
*/
|
|
CERTIFICATION_REVOCATION(PGPSignature.CERTIFICATION_REVOCATION),
|
|
|
|
/**
|
|
* Timestamp signature.
|
|
* This signature is only meaningful for the timestamp contained in
|
|
* it.
|
|
*/
|
|
TIMESTAMP(PGPSignature.TIMESTAMP),
|
|
|
|
/**
|
|
* Third-Party Confirmation signature.
|
|
* This signature is a signature over some other OpenPGP Signature
|
|
* packet(s). It is analogous to a notary seal on the signed data.
|
|
* A third-party signature SHOULD include Signature Target
|
|
* subpacket(s) to give easy identification. Note that we really do
|
|
* mean SHOULD. There are plausible uses for this (such as a blind
|
|
* party that only sees the signature, not the key or source
|
|
* document) that cannot include a target subpacket.
|
|
*/
|
|
THIRD_PARTY_CONFIRMATION(0x50)
|
|
;
|
|
|
|
private static final Map<Integer, SignatureType> map = new ConcurrentHashMap<>();
|
|
static {
|
|
for (SignatureType sigType : SignatureType.values()) {
|
|
map.put(sigType.getCode(), sigType);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Convert a numerical id into a {@link SignatureType}.
|
|
*
|
|
* @param code numeric id
|
|
* @return signature type enum
|
|
*/
|
|
public static SignatureType valueOf(int code) {
|
|
SignatureType type = map.get(code);
|
|
if (type != null) {
|
|
return type;
|
|
}
|
|
throw new IllegalArgumentException("Signature type 0x" + Integer.toHexString(code) + " appears to be invalid.");
|
|
}
|
|
|
|
private final int code;
|
|
|
|
SignatureType(int code) {
|
|
this.code = code;
|
|
}
|
|
|
|
/**
|
|
* Return the numeric id of the signature type enum.
|
|
*
|
|
* @return numeric id
|
|
*/
|
|
public int getCode() {
|
|
return code;
|
|
}
|
|
|
|
public static boolean isRevocationSignature(int signatureType) {
|
|
return isRevocationSignature(SignatureType.valueOf(signatureType));
|
|
}
|
|
|
|
public static boolean isRevocationSignature(SignatureType signatureType) {
|
|
switch (signatureType) {
|
|
case BINARY_DOCUMENT:
|
|
case CANONICAL_TEXT_DOCUMENT:
|
|
case STANDALONE:
|
|
case GENERIC_CERTIFICATION:
|
|
case NO_CERTIFICATION:
|
|
case CASUAL_CERTIFICATION:
|
|
case POSITIVE_CERTIFICATION:
|
|
case SUBKEY_BINDING:
|
|
case PRIMARYKEY_BINDING:
|
|
case DIRECT_KEY:
|
|
case TIMESTAMP:
|
|
case THIRD_PARTY_CONFIRMATION:
|
|
return false;
|
|
case KEY_REVOCATION:
|
|
case SUBKEY_REVOCATION:
|
|
case CERTIFICATION_REVOCATION:
|
|
return true;
|
|
default:
|
|
throw new IllegalArgumentException("Unknown signature type: " + signatureType);
|
|
}
|
|
}
|
|
|
|
}
|