From 4079eaa5a42dc7a674a5cf187be538c571d94eb6 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sat, 27 Sep 2025 14:28:10 +0200 Subject: [PATCH 1/8] Cert-D-Java 0.2.4-SNAPSHOT --- CHANGELOG.md | 2 +- version.gradle | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d4705c5..c13e877 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-Java Changelog -## 0.2.3-SNAPSHOT +## 0.2.3 - Bump Bouncy Castle to `1.82` and switch to `jdk18on`-variants - Upgrade build system - Bump gradle to `8.8` diff --git a/version.gradle b/version.gradle index 98e8f08..0f736ed 100644 --- a/version.gradle +++ b/version.gradle @@ -4,8 +4,8 @@ allprojects { ext { - shortVersion = '0.2.3' - isSnapshot = false + shortVersion = '0.2.4' + isSnapshot = true javaSourceCompatibility = 11 bouncycastleVersion = '1.82' bouncyPgVersion = "$bouncycastleVersion" From eaa4e669f81506fa7f9bc66d3b48633f4f9aacea Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sat, 27 Sep 2025 14:58:20 +0200 Subject: [PATCH 2/8] Add constructor parameters to BadDataException --- CHANGELOG.md | 3 +++ .../certificate_store/exception/BadDataException.java | 11 +++++++++++ 2 files changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c13e877..41b0b5b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-Java Changelog +## 0.2.4-SNAPSHOT +- Add constructor parameters to `BadDataException` + ## 0.2.3 - Bump Bouncy Castle to `1.82` and switch to `jdk18on`-variants - Upgrade build system diff --git a/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadDataException.java b/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadDataException.java index 3bb7019..b2734a7 100644 --- a/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadDataException.java 
+++ b/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadDataException.java @@ -9,4 +9,15 @@ package pgp.certificate_store.exception; */ public class BadDataException extends Exception { + public BadDataException(Throwable cause) { + super(cause); + } + + public BadDataException(String message, Throwable cause) { + super(message, cause); + } + + public BadDataException(String message) { + super(message); + } } From 10881662a9e2d789d84255e20eef7a0b1f656d30 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 29 Sep 2025 13:27:29 +0200 Subject: [PATCH 3/8] KeyMaterial.getFingerprint(): Remove documentation constraint to fingerprint length --- .../java/pgp/certificate_store/certificate/KeyMaterial.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/KeyMaterial.java b/pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/KeyMaterial.java index 1438b47..782aee6 100644 --- a/pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/KeyMaterial.java +++ b/pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/KeyMaterial.java @@ -11,8 +11,7 @@ import java.util.Set; public interface KeyMaterial { /** - * Return the fingerprint of the certificate as 40 lowercase hex characters. - * TODO: Allow OpenPGP V5 fingerprints + * Return the fingerprint of the certificate as lowercase hex characters. * * @return fingerprint */ From b4683292f8e43ed109ee8d74e30b882f038a910e Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 29 Sep 2025 13:39:23 +0200 Subject: [PATCH 4/8] Add support for 64-character OpenPGP v6 fingerprints --- .../src/main/java/pgp/cert_d/PGPCertificateDirectory.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectory.java b/pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectory.java index 87d2512..293f158 100644 
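Review bot: The reworded Javadoc on `getFingerprint()` in KeyMaterial no longer states any length, so an implementer cannot tell which values a store will accept. Later in this series PGPCertificateDirectory accepts exactly 40 or 64 lowercase hex characters, and the file backend compares the fingerprint against the subdirectory and file name, so the contract is worth spelling out: `Return the fingerprint of the certificate as lowercase hex characters (40 for OpenPGP v4, 64 for OpenPGP v6).` The interface body continues outside the hunk.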
--- a/pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectory.java +++ b/pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectory.java @@ -31,6 +31,7 @@ public class PGPCertificateDirectory final Backend backend; final SubkeyLookup subkeyLookup; private final Pattern openPgpV4FingerprintPattern = Pattern.compile("^[a-f0-9]{40}$"); + private final Pattern openPgpV6FingerprintPattern = Pattern.compile("^[a-f0-9]{64}$"); /** * Constructor for a PGP certificate directory. @@ -45,7 +46,8 @@ public class PGPCertificateDirectory @Override public Certificate getByFingerprint(String fingerprint) throws BadDataException, BadNameException, IOException { - if (!openPgpV4FingerprintPattern.matcher(fingerprint).matches()) { + if (!openPgpV4FingerprintPattern.matcher(fingerprint).matches() && + !openPgpV6FingerprintPattern.matcher(fingerprint).matches()) { throw new BadNameException(); } Certificate certificate = backend.readByFingerprint(fingerprint); From 9d85141f324a454bc02e94d4d7dc7a2dd54daa48 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 29 Sep 2025 13:39:58 +0200 Subject: [PATCH 5/8] BadDataException: Pass in throwable cause/message --- .../FileBasedCertificateDirectoryBackend.java | 18 +++++++++++------- .../dummy/TestKeyMaterialReaderBackend.java | 2 +- .../exception/BadDataException.java | 5 +++++ 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/pgp-cert-d-java/src/main/java/pgp/cert_d/backend/FileBasedCertificateDirectoryBackend.java b/pgp-cert-d-java/src/main/java/pgp/cert_d/backend/FileBasedCertificateDirectoryBackend.java index 08ac356..affc5b8 100644 --- a/pgp-cert-d-java/src/main/java/pgp/cert_d/backend/FileBasedCertificateDirectoryBackend.java +++ b/pgp-cert-d-java/src/main/java/pgp/cert_d/backend/FileBasedCertificateDirectoryBackend.java 
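Review bot: `openPgpV6FingerprintPattern` is declared as an instance field next to the v4 pattern, so both regular expressions are compiled again for every PGPCertificateDirectory instance. Both are constants; declaring them `private static final Pattern`, or folding them into one pattern such as `^(?:[a-f0-9]{40}|[a-f0-9]{64})$`, would keep the accepted formats in one place. The class body continues outside the hunk.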
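Review bot: The widened check in `getByFingerprint` only covers this entry point; the file backend's resolver gates paths on its own `isFingerprint(fingerprint)` (visible in `getCertFileByFingerprint` in patch 5/8), and no patch in this series touches that method. If it still accepts only 40 characters, a v6 fingerprint passes here and is then rejected with BadNameException in the backend, and inserts surface as a BadDataException with "Malformed key fingerprint". Please confirm `isFingerprint` accepts 64 characters as well, ideally by sharing one validator, and add a test with a 64-character fingerprint. `fingerprint` is also dereferenced without a null check, so a null argument fails with a NullPointerException rather than BadNameException.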
@@ -181,7 +181,9 @@ public class FileBasedCertificateDirectoryBackend implements PGPCertificateDirec Certificate certificate = reader.read(bufferedIn, tag).asCertificate(); if (!certificate.getFingerprint().equals(fingerprint)) { // TODO: Figure out more suitable exception - throw new BadDataException(); + throw new BadDataException("Identified certificate fingerprint does not match queried fingerprint:\n" + + "found: " + certificate.getFingerprint() + "\n" + + "query: " + fingerprint); } return certificate; @@ -242,7 +244,9 @@ public class FileBasedCertificateDirectoryBackend implements PGPCertificateDirec long tag = getTag(certFile); Certificate certificate = reader.read(new FileInputStream(certFile), tag).asCertificate(); if (!(subdirectory.getName() + certFile.getName()).equals(certificate.getFingerprint())) { - throw new BadDataException(); + throw new BadDataException("Certificate fingerprint does not match file location+name.\n" + + "Fingerprint: " + certificate.getFingerprint() + "\n" + + "Location+name: " + subdirectory.getName() + certFile.getName()); } return certificate; } catch (IOException e) { @@ -279,7 +283,7 @@ public class FileBasedCertificateDirectoryBackend implements PGPCertificateDirec existingCertificate = readBySpecialName(SpecialNames.TRUST_ROOT); certFile = resolver.getCertFileBySpecialName(SpecialNames.TRUST_ROOT); } catch (BadNameException e) { - throw new BadDataException(); + throw new BadDataException("Unknown special name '" + SpecialNames.TRUST_ROOT + "'"); } if (existingCertificate != null) { 
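Review bot: `reader.read(new FileInputStream(certFile), tag)` on the context line above the new message opens a stream that nothing in this hunk closes, so each certificate visited can leave a file descriptor open until garbage collection, unless `reader.read` closes its argument (not visible here). A try-with-resources around the read keeps the descriptor bounded: `try (InputStream in = new FileInputStream(certFile)) { ... reader.read(in, tag).asCertificate() ... }`. The surrounding try block starts outside the hunk, and `InputStream` may need an import that this hunk does not show.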
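Review bot: The new BadDataException in the `catch (BadNameException e)` branch carries a message but drops `e`, although patch 2/8 added a `(String message, Throwable cause)` constructor that fits this case. Passing the cause keeps the original stack trace for whoever debugs a rejected name: `throw new BadDataException("Unknown special name '" + SpecialNames.TRUST_ROOT + "'", e);`. The same applies to the two catch blocks in the hunks at -304 and -328 of this file. The method body starts outside the hunk.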
@@ -304,7 +308,7 @@ public class FileBasedCertificateDirectoryBackend implements PGPCertificateDirec existingCertificate = readByFingerprint(newCertificate.getFingerprint()); certFile = resolver.getCertFileByFingerprint(newCertificate.getFingerprint()); } catch (BadNameException e) { - throw new BadDataException(); + throw new BadDataException("Malformed key fingerprint: " + newCertificate.getFingerprint()); } if (existingCertificate != null) { @@ -324,7 +328,7 @@ public class FileBasedCertificateDirectoryBackend implements PGPCertificateDirec existingCertificate = readBySpecialName(specialName); certFile = resolver.getCertFileBySpecialName(specialName); } catch (BadNameException e) { - throw new BadDataException(); + throw new BadDataException("Unknown special name '" + specialName + "'"); } if (existingCertificate != null) { @@ -349,7 +353,7 @@ public class FileBasedCertificateDirectoryBackend implements PGPCertificateDirec private Long getTag(File file) throws IOException { if (!file.exists()) { - throw new NoSuchElementException(); + throw new NoSuchElementException("File '" + file.getAbsolutePath() + "' does not exist."); } Path path = file.toPath(); BasicFileAttributes attrs = Files.readAttributes(path, BasicFileAttributes.class); @@ -409,7 +413,7 @@ public class FileBasedCertificateDirectoryBackend implements PGPCertificateDirec */ public File getCertFileByFingerprint(String fingerprint) throws BadNameException { if (!isFingerprint(fingerprint)) { - throw new BadNameException(); + throw new BadNameException("Malformed query fingerprint '" + fingerprint + "'"); } // is fingerprint diff --git a/pgp-cert-d-java/src/test/java/pgp/cert_d/dummy/TestKeyMaterialReaderBackend.java b/pgp-cert-d-java/src/test/java/pgp/cert_d/dummy/TestKeyMaterialReaderBackend.java index 2ef392d..68f6cd8 100644 --- a/pgp-cert-d-java/src/test/java/pgp/cert_d/dummy/TestKeyMaterialReaderBackend.java +++ b/pgp-cert-d-java/src/test/java/pgp/cert_d/dummy/TestKeyMaterialReaderBackend.java 
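Review bot: The new NoSuchElementException message in `getTag` embeds `file.getAbsolutePath()`, which exposes the store's location on disk to anyone who sees the message; whether it can reach a remote caller or a shared log is not visible from this hunk. If that is a concern, `file.getName()` identifies the entry without revealing the directory layout. The `exists()` check and `Files.readAttributes` are also two separate steps, so a file removed in between still surfaces as an IOException rather than this message.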
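Review bot: `getCertFileByFingerprint` now copies `fingerprint` into the BadNameException message in the one branch where it has just failed `isFingerprint`, so the text is unvalidated: arbitrary length and any characters, including line breaks. If callers log or display the message, that input lands in the output verbatim. Reporting a bounded form is safer, e.g. `throw new BadNameException("Malformed query fingerprint (length " + fingerprint.length() + ")");`. The same applies to the BadNameException message added to `PGPCertificateDirectory.getByFingerprint` in patch 8/8.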
@@ -43,7 +43,7 @@ public class TestKeyMaterialReaderBackend implements KeyMaterialReaderBackend { try { return readCertificate(new ByteArrayInputStream(out.toByteArray()), tag); } catch (IOException e1) { - throw new BadDataException(); + throw new BadDataException("Cannot read certificate", e1); } } } diff --git a/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadDataException.java b/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadDataException.java index b2734a7..87a1af6 100644 --- a/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadDataException.java +++ b/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadDataException.java @@ -9,6 +9,11 @@ package pgp.certificate_store.exception; */ public class BadDataException extends Exception { + @Deprecated // pass cause and/or message + public BadDataException() { + super(); + } + public BadDataException(Throwable cause) { super(cause); } From b471b7cc8d2b9c0f853b07900773281a62f6f0c5 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 29 Sep 2025 13:40:19 +0200 Subject: [PATCH 6/8] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 41b0b5b..9e9e351 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ SPDX-License-Identifier: CC0-1.0 ## 0.2.4-SNAPSHOT - Add constructor parameters to `BadDataException` +- Add support for OpenPGP v6 fingerprints ## 0.2.3 - Bump Bouncy Castle to `1.82` and switch to `jdk18on`-variants From b9083c43944fe6f6fdaea75c6877b47cc692273b Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 29 Sep 2025 13:44:57 +0200 Subject: [PATCH 7/8] Deprecate exception constructors without arguments --- .../java/pgp/certificate_store/exception/BadNameException.java | 1 + .../java/pgp/certificate_store/exception/NotAStoreException.java | 1 + 2 files changed, 2 insertions(+) 
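Review bot: The restored no-argument BadDataException constructor is marked `@Deprecated` with only a line comment (`// pass cause and/or message`), so the guidance never reaches Javadoc or IDE hints. A Javadoc block with a `@deprecated` tag pointing at `BadDataException(String)` and `BadDataException(String, Throwable)` would carry it to callers. The same applies to the `@Deprecated // pass message` constructors of BadNameException and NotAStoreException in patch 7/8.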
diff --git a/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadNameException.java b/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadNameException.java index 957126e..e028739 100644 --- a/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadNameException.java +++ b/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadNameException.java @@ -9,6 +9,7 @@ package pgp.certificate_store.exception; */ public class BadNameException extends Exception { + @Deprecated // pass message public BadNameException() { super(); } diff --git a/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/NotAStoreException.java b/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/NotAStoreException.java index a19aa9c..401b757 100644 --- a/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/NotAStoreException.java +++ b/pgp-certificate-store/src/main/java/pgp/certificate_store/exception/NotAStoreException.java @@ -9,6 +9,7 @@ package pgp.certificate_store.exception; */ public class NotAStoreException extends Exception { + @Deprecated // pass message public NotAStoreException() { super(); } From 3782eb438c3038410d163727b2c047a9259ce394 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 29 Sep 2025 13:45:08 +0200 Subject: [PATCH 8/8] Exceptions: Pass in detailed error messages --- .../src/main/java/pgp/cert_d/PGPCertificateDirectory.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectory.java b/pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectory.java index 293f158..dfcdd8a 100644 --- a/pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectory.java +++ b/pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectory.java 
@@ -48,11 +48,11 @@ public class PGPCertificateDirectory public Certificate getByFingerprint(String fingerprint) throws BadDataException, BadNameException, IOException { if (!openPgpV4FingerprintPattern.matcher(fingerprint).matches() && !openPgpV6FingerprintPattern.matcher(fingerprint).matches()) { - throw new BadNameException(); + throw new BadNameException("Queried fingerprint '" + fingerprint + "' does neither match OpenPGP v4 nor OpenPGP v6 format."); } Certificate certificate = backend.readByFingerprint(fingerprint); if (certificate == null) { - throw new NoSuchElementException(); + throw new NoSuchElementException("No certificate with fingerprint '" + fingerprint + "' found."); } return certificate; } @@ -74,7 +74,7 @@ public class PGPCertificateDirectory if (keyMaterial != null) { return keyMaterial.asCertificate(); } - throw new NoSuchElementException(); + throw new NoSuchElementException("No certificate with special name '" + specialName + "' found."); } @Override @@ -131,7 +131,7 @@ public class PGPCertificateDirectory try { KeyMaterial keyMaterial = backend.readBySpecialName(SpecialNames.TRUST_ROOT); if (keyMaterial == null) { - throw new NoSuchElementException(); + throw new NoSuchElementException("No trust-root found."); } return keyMaterial; } catch (BadNameException e) {