From 7cf9c575773c1790956752da2bdf06a5492904cf Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 1 Mar 2022 16:58:25 +0100 Subject: [PATCH 01/63] Cert-D-PGPainless 0.1.0-SNAPSHOT --- version.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.gradle b/version.gradle index ca8cdd4..f776c6a 100644 --- a/version.gradle +++ b/version.gradle @@ -4,8 +4,8 @@ allprojects { ext { - shortVersion = '0.1.0' - isSnapshot = false + shortVersion = '0.1.1' + isSnapshot = true minAndroidSdk = 10 javaSourceCompatibility = 1.8 } From bbe7140a8ea75ad3fb5d19350344b0e2d3dafe80 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 1 Mar 2022 17:16:26 +0100 Subject: [PATCH 02/63] Add badges and info to readme files --- pgpainless-cert-d-cli/README.md | 3 +++ pgpainless-cert-d/README.md | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/pgpainless-cert-d-cli/README.md b/pgpainless-cert-d-cli/README.md index 86735bb..6747349 100644 --- a/pgpainless-cert-d-cli/README.md +++ b/pgpainless-cert-d-cli/README.md @@ -6,5 +6,8 @@ SPDX-License-Identifier: Apache-2.0 # Command Line Interface for pgpainless-cert-d +[![javadoc](https://javadoc.io/badge2/org.pgpainless/pgpainless-cert-d-cli/javadoc.svg)](https://javadoc.io/doc/org.pgpainless/pgpainless-cert-d-cli) +[![Maven Central](https://badgen.net/maven/v/maven-central/org.pgpainless/pgpainless-cert-d-cli)](https://search.maven.org/artifact/org.pgpainless/pgpainless-cert-d-cli) + This module utilizes [picocli](https://picocli.info) to provide a CLI application for use with the [Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/). diff --git a/pgpainless-cert-d/README.md b/pgpainless-cert-d/README.md index c0ceb09..8e6ef55 100644 --- a/pgpainless-cert-d/README.md +++ b/pgpainless-cert-d/README.md @@ -6,4 +6,9 @@ SPDX-License-Identifier: Apache-2.0 # Shared PGP Certificate Directory + PGPainless -This module makes use of `pgpainless-core` to provide backend implementations of classes required by `pgp-cert-d-java`. \ No newline at end of file +[![javadoc](https://javadoc.io/badge2/org.pgpainless/pgpainless-cert-d/javadoc.svg)](https://javadoc.io/doc/org.pgpainless/pgpainless-cert-d) +[![Maven Central](https://badgen.net/maven/v/maven-central/org.pgpainless/pgpainless-cert-d)](https://search.maven.org/artifact/org.pgpainless/pgpainless-cert-d) + +This module makes use of [pgpainless-core](https://github.com/pgpainless/pgpainless) +to provide backend implementations of classes required by +[pgp-cert-d-java](https://github.com/pgpainless/cert-d-java). \ No newline at end of file From 1ccd617a99bd6b08dfb5e527358cd15df5012a0f Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 17 Mar 2022 15:05:15 +0100 Subject: [PATCH 03/63] Bump pgpainless-core to 1.1.3 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 1fdc782..764f5e6 100644 --- a/build.gradle +++ b/build.gradle @@ -62,7 +62,7 @@ allprojects { logbackVersion = '1.2.9' junitVersion = '5.8.2' mockitoVersion = '4.2.0' - pgpainlessVersion = '1.1.1' + pgpainlessVersion = '1.1.3' pgpCertDJavaVersion = '0.1.0' rootConfigDir = new File(rootDir, 'config') gitCommit = getGitCommit() From 464b478ce4c227d87311d6f0d3f403fee1ad28f5 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 17 Mar 2022 15:05:59 +0100 Subject: [PATCH 04/63] Update CHANGELOG --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18fccce..90eb17c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,5 +5,8 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-PGPainless Changelog -# 0.1.0 +## 0.1.1 +- Bump `pgpainless-core` to 1.1.3 + +## 0.1.0 - Initial Release From 9d5fb7c221e54280170c7822e1274bbf2bc4a625 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 17 Mar 2022 15:11:28 +0100 Subject: [PATCH 05/63] Cert-D-PGPainless 0.1.1 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index f776c6a..29b81c3 100644 --- a/version.gradle +++ b/version.gradle @@ -5,7 +5,7 @@ allprojects { ext { shortVersion = '0.1.1' - isSnapshot = true + isSnapshot = false minAndroidSdk = 10 javaSourceCompatibility = 1.8 } From 2aaa2b51473fa5f1aa07cd4d698a7f69a879413b Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 17 Mar 2022 15:13:57 +0100 Subject: [PATCH 06/63] Cert-D-PGPainless 0.1.2-SNAPSHOT --- version.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.gradle b/version.gradle index 29b81c3..04f682d 100644 --- a/version.gradle +++ b/version.gradle @@ -4,8 +4,8 @@ allprojects { ext { - shortVersion = '0.1.1' - isSnapshot = false + shortVersion = '0.1.2' + isSnapshot = true minAndroidSdk = 10 javaSourceCompatibility = 1.8 } From 1ab2db9c2f4a126aaada7d8b3b2ca4911f565a7f Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 7 Apr 2022 21:38:07 +0200 Subject: [PATCH 07/63] Move dependency versions into version.gradle and bump pgpainless to 1.2.0 --- build.gradle | 6 ------ version.gradle | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build.gradle b/build.gradle index 764f5e6..5b107fc 100644 --- a/build.gradle +++ b/build.gradle @@ -58,12 +58,6 @@ allprojects { } project.ext { - slf4jVersion = '1.7.32' - logbackVersion = '1.2.9' - junitVersion = '5.8.2' - mockitoVersion = '4.2.0' - pgpainlessVersion = '1.1.3' - pgpCertDJavaVersion = '0.1.0' rootConfigDir = new File(rootDir, 'config') gitCommit = getGitCommit() isContinuousIntegrationEnvironment = Boolean.parseBoolean(System.getenv('CI')) diff --git a/version.gradle b/version.gradle index 04f682d..03e3ede 100644 --- a/version.gradle +++ b/version.gradle @@ -8,5 +8,11 @@ allprojects { isSnapshot = true minAndroidSdk = 10 javaSourceCompatibility = 1.8 + slf4jVersion = '1.7.32' + logbackVersion = '1.2.9' + junitVersion = '5.8.2' + mockitoVersion = '4.2.0' + pgpainlessVersion = '1.2.0' + pgpCertDJavaVersion = '0.1.0' } } From 94bdbbc3d2c0913d8699e462c023e4c3d356e31d Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 25 Apr 2022 23:57:03 +0200 Subject: [PATCH 08/63] Add name and description to main command --- .../src/main/java/pgp/cert_d/cli/PGPCertDCli.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index 859dd2f..e7f535d 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -22,6 +22,8 @@ import java.io.File; import java.sql.SQLException; @CommandLine.Command( + name = "certificate-store", + description = "Store and manage public OpenPGP certificates", subcommands = { Import.class, MultiImport.class, From 57ab8bad32e5d86182a8b61897d9b9a7f6fdf033 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 26 Apr 2022 00:43:30 +0200 Subject: [PATCH 09/63] Bump slf4j to 1.7.36 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index 03e3ede..f5e97ea 100644 --- a/version.gradle +++ b/version.gradle @@ -8,7 +8,7 @@ allprojects { isSnapshot = true minAndroidSdk = 10 javaSourceCompatibility = 1.8 - slf4jVersion = '1.7.32' + slf4jVersion = '1.7.36' logbackVersion = '1.2.9' junitVersion = '5.8.2' mockitoVersion = '4.2.0' From bdfdb57d1f66cbbadc77f0c9e938b6046baa82dd Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 26 Apr 2022 00:43:54 +0200 Subject: [PATCH 10/63] Bump logback to 1.2.11 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index f5e97ea..012e8fb 100644 --- a/version.gradle +++ b/version.gradle @@ -9,7 +9,7 @@ allprojects { minAndroidSdk = 10 javaSourceCompatibility = 1.8 slf4jVersion = '1.7.36' - logbackVersion = '1.2.9' + logbackVersion = '1.2.11' junitVersion = '5.8.2' mockitoVersion = '4.2.0' pgpainlessVersion = '1.2.0' From 006ef4a20d18d149c1dc971a2d695c578bbf1e49 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 26 Apr 2022 00:44:45 +0200 Subject: [PATCH 11/63] Bump mockito to 4.5.1 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index 012e8fb..3938b7f 100644 --- a/version.gradle +++ b/version.gradle @@ -11,7 +11,7 @@ allprojects { slf4jVersion = '1.7.36' logbackVersion = '1.2.11' junitVersion = '5.8.2' - mockitoVersion = '4.2.0' + mockitoVersion = '4.5.1' pgpainlessVersion = '1.2.0' pgpCertDJavaVersion = '0.1.0' } From 765dfac9169f0506944e58e7163809180c264bb9 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 26 Apr 2022 00:48:30 +0200 Subject: [PATCH 12/63] Bump picocli to 4.6.3 --- pgpainless-cert-d-cli/build.gradle | 2 +- version.gradle | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pgpainless-cert-d-cli/build.gradle b/pgpainless-cert-d-cli/build.gradle index 5c5ad6c..48a1719 100644 --- a/pgpainless-cert-d-cli/build.gradle +++ b/pgpainless-cert-d-cli/build.gradle @@ -23,7 +23,7 @@ dependencies { implementation "org.pgpainless:pgp-cert-d-java-jdbc-sqlite-lookup:$pgpCertDJavaVersion" // picocli for cli - implementation "info.picocli:picocli:4.6.2" + implementation "info.picocli:picocli:$picocliVersion" } test { diff --git a/version.gradle b/version.gradle index 3938b7f..03e1c2d 100644 --- a/version.gradle +++ b/version.gradle @@ -14,5 +14,6 @@ allprojects { mockitoVersion = '4.5.1' pgpainlessVersion = '1.2.0' pgpCertDJavaVersion = '0.1.0' + picocliVersion = '4.6.3' } } From 81055cd8620555c2bc635bdc302dc0c5dd35fc31 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 26 Apr 2022 00:52:29 +0200 Subject: [PATCH 13/63] Add documentation to build.gradle --- pgpainless-cert-d-cli/build.gradle | 4 ++++ pgpainless-cert-d/build.gradle | 7 ++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/pgpainless-cert-d-cli/build.gradle b/pgpainless-cert-d-cli/build.gradle index 48a1719..2dcb9f9 100644 --- a/pgpainless-cert-d-cli/build.gradle +++ b/pgpainless-cert-d-cli/build.gradle @@ -13,13 +13,17 @@ repositories { } dependencies { + // Junit testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion" testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion" // Logging testImplementation "ch.qos.logback:logback-classic:$logbackVersion" + // pgp.cert.d using PGPainless implementation project(":pgpainless-cert-d") + + // SQL subkey table implementation "org.pgpainless:pgp-cert-d-java-jdbc-sqlite-lookup:$pgpCertDJavaVersion" // picocli for cli diff --git a/pgpainless-cert-d/build.gradle b/pgpainless-cert-d/build.gradle index d9b4308..bba6ebf 100644 --- a/pgpainless-cert-d/build.gradle +++ b/pgpainless-cert-d/build.gradle @@ -15,19 +15,24 @@ repositories { apply plugin: 'ru.vyarus.animalsniffer' dependencies { - // animal sniffer + // animal sniffer for ensuring Android API compatibility signature "net.sf.androidscents.signature:android-api-level-${minAndroidSdk}:2.3.3_r2@signature" + // JUnit testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion" testImplementation "org.junit.jupiter:junit-jupiter-params:$junitVersion" testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion" + // Mockito for mocking during tests testImplementation "org.mockito:mockito-core:$mockitoVersion" // Logging testImplementation "ch.qos.logback:logback-classic:$logbackVersion" + // PGPainless for OpenPGP api "org.pgpainless:pgpainless-core:$pgpainlessVersion" + + // pgp.cert.d api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion" } From 3dcba7a868b3a46da07440840e0810de1e40b977 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 26 Apr 2022 00:55:59 +0200 Subject: [PATCH 14/63] Update changelog --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 90eb17c..a365e8e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-PGPainless Changelog +## 0.1.2-SNAPSHOT +- Add name and description to main command +- Bump `pgpainless-core` to `1.2.0` +- Bump `slf4j` to `1.7.36` +- Bump `logback` to `1.2.11` +- Bump `mockito` to `4.5.1` +- Bump `picocli` to `4.6.3` + ## 0.1.1 - Bump `pgpainless-core` to 1.1.3 From 079f78c141e94ef131cb78f0313aa4b102e61eca Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 29 Apr 2022 17:08:51 +0200 Subject: [PATCH 15/63] Bump pgpainless-core to 1.2.1 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index 03e1c2d..e822544 100644 --- a/version.gradle +++ b/version.gradle @@ -12,7 +12,7 @@ allprojects { logbackVersion = '1.2.11' junitVersion = '5.8.2' mockitoVersion = '4.5.1' - pgpainlessVersion = '1.2.0' + pgpainlessVersion = '1.2.1' pgpCertDJavaVersion = '0.1.0' picocliVersion = '4.6.3' } From 623b86ff0400a6901cb4bae579d0504bf3711c0f Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 29 Apr 2022 17:09:09 +0200 Subject: [PATCH 16/63] Bump cert-d-java to 0.1.1 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index e822544..33cffd0 100644 --- a/version.gradle +++ b/version.gradle @@ -13,7 +13,7 @@ allprojects { junitVersion = '5.8.2' mockitoVersion = '4.5.1' pgpainlessVersion = '1.2.1' - pgpCertDJavaVersion = '0.1.0' + pgpCertDJavaVersion = '0.1.1' picocliVersion = '4.6.3' } } From 8d0899ce22a907608504f931b5cf8192d5cdeeb6 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 29 Apr 2022 17:09:55 +0200 Subject: [PATCH 17/63] Update README --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a365e8e..f43a11f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,8 @@ SPDX-License-Identifier: CC0-1.0 ## 0.1.2-SNAPSHOT - Add name and description to main command -- Bump `pgpainless-core` to `1.2.0` +- Bump `pgpainless-core` to `1.2.1` +- Bump `cert-d-java` to `0.1.1` - Bump `slf4j` to `1.7.36` - Bump `logback` to `1.2.11` - Bump `mockito` to `4.5.1` From 93d6d4045885c8928ac5fda81f06ca51c48bc4a6 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 29 Apr 2022 17:10:40 +0200 Subject: [PATCH 18/63] Enable mavenLocal() in build.gradle --- build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/build.gradle b/build.gradle index 5b107fc..da3d624 100644 --- a/build.gradle +++ b/build.gradle @@ -49,6 +49,7 @@ allprojects { repositories { mavenCentral() + mavenLocal() } // Reproducible Builds From 07b7f38379a3d7970bb622a97324a8a1a5518cbd Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 29 Apr 2022 17:11:48 +0200 Subject: [PATCH 19/63] Cert-D-PGPainless 0.1.2 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index 33cffd0..925e795 100644 --- a/version.gradle +++ b/version.gradle @@ -5,7 +5,7 @@ allprojects { ext { shortVersion = '0.1.2' - isSnapshot = true + isSnapshot = false minAndroidSdk = 10 javaSourceCompatibility = 1.8 slf4jVersion = '1.7.36' From 6d3e2ba364fc1f34df8d0ed38fed029072dd0854 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 29 Apr 2022 17:14:29 +0200 Subject: [PATCH 20/63] Cert-D-PGPainless 0.1.3-SNAPSHOT --- version.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.gradle b/version.gradle index 925e795..905f77c 100644 --- a/version.gradle +++ b/version.gradle @@ -4,8 +4,8 @@ allprojects { ext { - shortVersion = '0.1.2' - isSnapshot = false + shortVersion = '0.1.3' + isSnapshot = true minAndroidSdk = 10 javaSourceCompatibility = 1.8 slf4jVersion = '1.7.36' From 22f26c4b2afd22c932edb63b9d0258c50d2a2c73 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 29 Apr 2022 17:24:12 +0200 Subject: [PATCH 21/63] Update changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f43a11f..2111522 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-PGPainless Changelog -## 0.1.2-SNAPSHOT +## 0.1.2 - Add name and description to main command - Bump `pgpainless-core` to `1.2.1` - Bump `cert-d-java` to `0.1.1` From adf9e534c44e84bd0ac0f493fb3427e91d54dd2a Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 4 Jul 2022 12:01:16 +0200 Subject: [PATCH 22/63] get: properly handle uppercase fingerprints --- .../SharedPGPCertificateDirectoryAdapter.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java index e7b2d81..6cb2ace 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java @@ -49,7 +49,7 @@ public class SharedPGPCertificateDirectoryAdapter return directory.getBySpecialName(specialName); } - return directory.getByFingerprint(identifier); + return directory.getByFingerprint(identifier.toLowerCase()); } @@ -61,7 +61,7 @@ public class SharedPGPCertificateDirectoryAdapter return directory.getBySpecialNameIfChanged(specialName, tag); } - return directory.getByFingerprintIfChanged(identifier, tag); + return directory.getByFingerprintIfChanged(identifier.toLowerCase(), tag); } From 32f2bbede73d2f3905ee8f7457d7a7a26f91fc8b Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 4 Jul 2022 12:52:49 +0200 Subject: [PATCH 23/63] Use PGPPublicKeyRing.join(first, second) for proper MergeCallback --- .../cli/commands/DefaultMergeCallback.java | 85 +++++++++++++++++++ .../java/pgp/cert_d/cli/commands/Import.java | 18 +--- .../pgp/cert_d/cli/commands/MultiImport.java | 12 +-- 3 files changed, 90 insertions(+), 25 deletions(-) create mode 100644 pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/DefaultMergeCallback.java diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/DefaultMergeCallback.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/DefaultMergeCallback.java new file mode 100644 index 0000000..2a679af --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/DefaultMergeCallback.java @@ -0,0 +1,85 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKey; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.pgpainless.PGPainless; +import org.pgpainless.certificate_store.CertificateFactory; +import org.pgpainless.key.OpenPgpFingerprint; +import pgp.certificate_store.Certificate; +import pgp.certificate_store.MergeCallback; + +import java.io.IOException; +import java.util.Iterator; + +public class DefaultMergeCallback implements MergeCallback { + + @Override + public Certificate merge(Certificate data, Certificate existing) throws IOException { + try { + PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream()); + PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream()); + PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); + + printOutDifferences(existingCert, mergedCert); + + return CertificateFactory.certificateFromPublicKeyRing(mergedCert); + } catch (PGPException e) { + throw new RuntimeException(e); + } + } + + private void printOutDifferences(PGPPublicKeyRing existingCert, PGPPublicKeyRing mergedCert) { + int numSigsBefore = countSigs(existingCert); + int numSigsAfter = countSigs(mergedCert); + int newSigs = numSigsAfter - numSigsBefore; + int numUidsBefore = count(existingCert.getPublicKey().getUserIDs()); + int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs()); + int newUids = numUidsAfter - numUidsBefore; + + if (!existingCert.equals(mergedCert)) { + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert); + StringBuilder sb = new StringBuilder(); + sb.append(String.format("Certificate %s has", fingerprint)); + if (newSigs != 0) { + sb.append(String.format(" %d new signatures", newSigs)); + } + if (newUids != 0) { + if (newSigs != 0) { + sb.append(" and"); + } + sb.append(String.format(" %d new UIDs", newUids)); + } + if (newSigs == 0 && newUids == 0) { + sb.append(" changed"); + } + + // In this case it is okay to print to stdout, since we are a CLI app + // CHECKSTYLE:OFF + System.out.println(sb); + // CHECKSTYLE:ON + } + } + + private static int countSigs(PGPPublicKeyRing keys) { + int numSigs = 0; + for (PGPPublicKey key : keys) { + numSigs += count(key.getSignatures()); + } + return numSigs; + } + + // TODO: Use CollectionUtils.count() once available + private static int count(Iterator iterator) { + int num = 0; + while (iterator.hasNext()) { + iterator.next(); + num++; + } + return num; + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index de2cbcd..cfbbf03 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -4,8 +4,6 @@ package pgp.cert_d.cli.commands; -import java.io.IOException; - import org.slf4j.Logger; import org.slf4j.LoggerFactory; import pgp.cert_d.cli.PGPCertDCli; @@ -14,27 +12,19 @@ import pgp.certificate_store.MergeCallback; import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; +import java.io.IOException; + @CommandLine.Command(name = "import", description = "Import or update a certificate") public class Import implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Import.class); - - // TODO: Replace with proper merge callback - private final MergeCallback dummyMerge = new MergeCallback() { - @Override - public Certificate merge(Certificate data, Certificate existing) throws IOException { - return data; - } - }; + private final MergeCallback mergeCallback = new DefaultMergeCallback(); @Override public void run() { try { - Certificate certificate = PGPCertDCli.getCertificateDirectory().insertCertificate(System.in, dummyMerge); - // CHECKSTYLE:OFF - System.out.println(certificate.getFingerprint()); - // CHECKSTYLE:ON + Certificate certificate = PGPCertDCli.getCertificateDirectory().insertCertificate(System.in, mergeCallback); } catch (IOException e) { LOGGER.error("IO-Error.", e); System.exit(-1); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java index 112403d..6a38460 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java @@ -24,14 +24,7 @@ import java.io.IOException; public class MultiImport implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(MultiImport.class); - - // TODO: Replace with proper merge callback - private final MergeCallback dummyMerge = new MergeCallback() { - @Override - public Certificate merge(Certificate data, Certificate existing) throws IOException { - return data; - } - }; + private final MergeCallback dummyMerge = new DefaultMergeCallback(); @Override public void run() { @@ -41,9 +34,6 @@ public class MultiImport implements Runnable { ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); Certificate certificate = PGPCertDCli.getCertificateDirectory() .insertCertificate(certIn, dummyMerge); - // CHECKSTYLE:OFF - System.out.println(certificate.getFingerprint()); - // CHECKSTYLE:ON } } catch (IOException e) { LOGGER.error("IO-Error.", e); From a417c322b31a7f5f151e039a873247cb8eced3c9 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 4 Jul 2022 12:55:04 +0200 Subject: [PATCH 24/63] Update changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2111522..e2e320a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-PGPainless Changelog +## 0.1.3-SNAPSHOT +- `get`: Apply `toLowerCase()` to fingerprints +- Use BCs `PGPPublicKeyRing.join(first, second)` method to properly merge certificates + ## 0.1.2 - Add name and description to main command - Bump `pgpainless-core` to `1.2.1` From d0413f2169c81b425ece5667155691f810b5a747 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 4 Jul 2022 13:04:11 +0200 Subject: [PATCH 25/63] Rename Import task to Insert --- .../src/main/java/pgp/cert_d/cli/PGPCertDCli.java | 4 ++-- .../pgp/cert_d/cli/commands/{Import.java => Insert.java} | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) rename pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/{Import.java => Insert.java} (88%) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index e7f535d..1f4029b 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -9,7 +9,7 @@ import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; import pgp.cert_d.BaseDirectoryProvider; import pgp.cert_d.SharedPGPCertificateDirectoryImpl; import pgp.cert_d.cli.commands.Get; -import pgp.cert_d.cli.commands.Import; +import pgp.cert_d.cli.commands.Insert; import pgp.cert_d.cli.commands.MultiImport; import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookup; import pgp.cert_d.jdbc.sqlite.SqliteSubkeyLookupDaoImpl; @@ -25,7 +25,7 @@ import java.sql.SQLException; name = "certificate-store", description = "Store and manage public OpenPGP certificates", subcommands = { - Import.class, + Insert.class, MultiImport.class, Get.class, } diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java similarity index 88% rename from pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java rename to pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index cfbbf03..2dfa0e8 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -14,11 +14,11 @@ import picocli.CommandLine; import java.io.IOException; -@CommandLine.Command(name = "import", - description = "Import or update a certificate") -public class Import implements Runnable { +@CommandLine.Command(name = "insert", + description = "Insert or update a certificate") +public class Insert implements Runnable { - private static final Logger LOGGER = LoggerFactory.getLogger(Import.class); + private static final Logger LOGGER = LoggerFactory.getLogger(Insert.class); private final MergeCallback mergeCallback = new DefaultMergeCallback(); @Override From 1efb2598a28fbc218c0f47e0ea0320308cd20388 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 4 Jul 2022 13:05:32 +0200 Subject: [PATCH 26/63] Rename MultiImport task to Import --- .../src/main/java/pgp/cert_d/cli/PGPCertDCli.java | 4 ++-- .../cli/commands/{MultiImport.java => Import.java} | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) rename pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/{MultiImport.java => Import.java} (83%) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index 1f4029b..a45a969 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -10,7 +10,7 @@ import pgp.cert_d.BaseDirectoryProvider; import pgp.cert_d.SharedPGPCertificateDirectoryImpl; import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Insert; -import pgp.cert_d.cli.commands.MultiImport; +import pgp.cert_d.cli.commands.Import; import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookup; import pgp.cert_d.jdbc.sqlite.SqliteSubkeyLookupDaoImpl; import pgp.certificate_store.SubkeyLookup; @@ -26,7 +26,7 @@ import java.sql.SQLException; description = "Store and manage public OpenPGP certificates", subcommands = { Insert.class, - MultiImport.class, + Import.class, Get.class, } ) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java similarity index 83% rename from pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java rename to pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index 6a38460..4c2a484 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -19,12 +19,12 @@ import picocli.CommandLine; import java.io.ByteArrayInputStream; import java.io.IOException; -@CommandLine.Command(name = "multi-import", - description = "Import or update multiple certificates") -public class MultiImport implements Runnable { +@CommandLine.Command(name = "import", + description = "Import certificates into the store from stdin") +public class Import implements Runnable { - private static final Logger LOGGER = LoggerFactory.getLogger(MultiImport.class); - private final MergeCallback dummyMerge = new DefaultMergeCallback(); + private static final Logger LOGGER = LoggerFactory.getLogger(Import.class); + private final MergeCallback mergeCallback = new DefaultMergeCallback(); @Override public void run() { @@ -33,7 +33,7 @@ public class MultiImport implements Runnable { for (PGPPublicKeyRing cert : certificates) { ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); Certificate certificate = PGPCertDCli.getCertificateDirectory() - .insertCertificate(certIn, dummyMerge); + .insertCertificate(certIn, mergeCallback); } } catch (IOException e) { LOGGER.error("IO-Error.", e); From fca9a8ef919eea5cb2ec06de33bcece37b7fb811 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 4 Jul 2022 13:19:36 +0200 Subject: [PATCH 27/63] Add Export command --- .../main/java/pgp/cert_d/cli/PGPCertDCli.java | 2 + .../java/pgp/cert_d/cli/commands/Export.java | 40 +++++++++++++++++++ .../java/pgp/cert_d/cli/commands/Import.java | 2 +- 3 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index a45a969..fe0f1b0 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -8,6 +8,7 @@ import org.pgpainless.certificate_store.CertificateReader; import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; import pgp.cert_d.BaseDirectoryProvider; import pgp.cert_d.SharedPGPCertificateDirectoryImpl; +import pgp.cert_d.cli.commands.Export; import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Insert; import pgp.cert_d.cli.commands.Import; @@ -25,6 +26,7 @@ import java.sql.SQLException; name = "certificate-store", description = "Store and manage public OpenPGP certificates", subcommands = { + Export.class, Insert.class, Import.class, Get.class, diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java new file mode 100644 index 0000000..4e61bc2 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java @@ -0,0 +1,40 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import org.bouncycastle.util.io.Streams; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.Certificate; +import picocli.CommandLine; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Iterator; + +@CommandLine.Command(name = "export", + description = "Export all certificates in the store to Standard Output") +public class Export implements Runnable { + + private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); + + @Override + public void run() { + Iterator certificates = PGPCertDCli.getCertificateDirectory() + .getCertificates(); + while (certificates.hasNext()) { + try { + Certificate certificate = certificates.next(); + InputStream inputStream = certificate.getInputStream(); + Streams.pipeAll(inputStream, System.out); + inputStream.close(); + } catch (IOException e) { + LOGGER.error("IO Error", e); + System.exit(-1); + } + } + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index 4c2a484..a62d11a 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -20,7 +20,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; @CommandLine.Command(name = "import", - description = "Import certificates into the store from stdin") + description = "Import certificates into the store from Standard Input") public class Import implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Import.class); From ee1fd669edee211b2a27ef9f3c7fd93c84065186 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 4 Jul 2022 20:12:42 +0200 Subject: [PATCH 28/63] Implement storing of trust-root key --- README.md | 5 + .../java/pgp/cert_d/cli/MergeCallbacks.java | 124 ++++++++++++++++++ .../main/java/pgp/cert_d/cli/PGPCertDCli.java | 11 +- .../cli/commands/DefaultMergeCallback.java | 85 ------------ .../java/pgp/cert_d/cli/commands/Import.java | 5 +- .../java/pgp/cert_d/cli/commands/Insert.java | 6 +- .../java/pgp/cert_d/cli/commands/Setup.java | 107 +++++++++++++++ .../certificate_store/KeyFactory.java | 49 +++++++ .../certificate_store/KeyReader.java | 23 ++++ .../SharedPGPCertificateDirectoryAdapter.java | 32 ++++- ...redPGPCertificateDirectoryAdapterTest.java | 3 +- .../SharedPGPCertificateDirectoryTest.java | 9 +- version.gradle | 2 +- 13 files changed, 357 insertions(+), 104 deletions(-) create mode 100644 pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java delete mode 100644 pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/DefaultMergeCallback.java create mode 100644 pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java create mode 100644 pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java create mode 100644 pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java diff --git a/README.md b/README.md index d661028..aa8997e 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,8 @@ + # Shared PGP Certificate Directory for Java This repository contains implementations of the [Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/) specification using [PGPainless](https://pgpainless.org) as backend. diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java new file mode 100644 index 0000000..02fb292 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java @@ -0,0 +1,124 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKey; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.pgpainless.PGPainless; +import org.pgpainless.certificate_store.CertificateFactory; +import org.pgpainless.key.OpenPgpFingerprint; +import pgp.certificate_store.Certificate; +import pgp.certificate_store.CertificateMerger; +import pgp.certificate_store.Key; +import pgp.certificate_store.KeyMerger; + +import java.io.IOException; +import java.util.Iterator; + +public class MergeCallbacks { + + /** + * Return a {@link CertificateMerger} that merges the two copies of the same certificate (same primary key) into one + * combined certificate. + * + * @return merging callback + */ + public static CertificateMerger mergeCertificates() { + return new CertificateMerger() { + + @Override + public Certificate merge(Certificate data, Certificate existing) throws IOException { + try { + PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream()); + PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream()); + PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); + + printOutDifferences(existingCert, mergedCert); + + return CertificateFactory.certificateFromPublicKeyRing(mergedCert); + } catch (PGPException e) { + throw new RuntimeException(e); + } + } + + private void printOutDifferences(PGPPublicKeyRing existingCert, PGPPublicKeyRing mergedCert) { + int numSigsBefore = countSigs(existingCert); + int numSigsAfter = countSigs(mergedCert); + int newSigs = numSigsAfter - numSigsBefore; + int numUidsBefore = count(existingCert.getPublicKey().getUserIDs()); + int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs()); + int newUids = numUidsAfter - numUidsBefore; + + if (!existingCert.equals(mergedCert)) { + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert); + StringBuilder sb = new StringBuilder(); + sb.append(String.format("Certificate %s has", fingerprint)); + if (newSigs != 0) { + sb.append(String.format(" %d new signatures", newSigs)); + } + if (newUids != 0) { + if (newSigs != 0) { + sb.append(" and"); + } + sb.append(String.format(" %d new UIDs", newUids)); + } + if (newSigs == 0 && newUids == 0) { + sb.append(" changed"); + } + + // In this case it is okay to print to stdout, since we are a CLI app + // CHECKSTYLE:OFF + System.out.println(sb); + // CHECKSTYLE:ON + } + } + + private int countSigs(PGPPublicKeyRing keys) { + int numSigs = 0; + for (PGPPublicKey key : keys) { + numSigs += count(key.getSignatures()); + } + return numSigs; + } + + // TODO: Use CollectionUtils.count() once available + private int count(Iterator iterator) { + int num = 0; + while (iterator.hasNext()) { + iterator.next(); + num++; + } + return num; + } + }; + } + + /** + * Return an implementation of {@link CertificateMerger} that ignores the existing certificate and instead + * returns the first instance. + * + * @return overriding callback + */ + public static CertificateMerger overrideCertificate() { + // noinspection Convert2Lambda + return new CertificateMerger() { + @Override + public Certificate merge(Certificate data, Certificate existing) { + return data; + } + }; + } + + public static KeyMerger overrideKey() { + // noinspection Convert2Lambda + return new KeyMerger() { + @Override + public Key merge(Key data, Key existing) { + return data; + } + }; + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index fe0f1b0..4c10cd2 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -5,6 +5,7 @@ package pgp.cert_d.cli; import org.pgpainless.certificate_store.CertificateReader; +import org.pgpainless.certificate_store.KeyReader; import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; import pgp.cert_d.BaseDirectoryProvider; import pgp.cert_d.SharedPGPCertificateDirectoryImpl; @@ -12,6 +13,7 @@ import pgp.cert_d.cli.commands.Export; import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Insert; import pgp.cert_d.cli.commands.Import; +import pgp.cert_d.cli.commands.Setup; import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookup; import pgp.cert_d.jdbc.sqlite.SqliteSubkeyLookupDaoImpl; import pgp.certificate_store.SubkeyLookup; @@ -26,15 +28,19 @@ import java.sql.SQLException; name = "certificate-store", description = "Store and manage public OpenPGP certificates", subcommands = { + CommandLine.HelpCommand.class, Export.class, Insert.class, Import.class, Get.class, + Setup.class } ) public class PGPCertDCli { - @CommandLine.Option(names = "--base-directory", paramLabel = "DIRECTORY", description = "Overwrite the default certificate directory") + @CommandLine.Option(names = {"-s", "--store"}, paramLabel = "DIRECTORY", + description = "Overwrite the default certificate directory path", + scope = CommandLine.ScopeType.INHERIT) File baseDirectory; private static CertificateDirectory certificateDirectory; @@ -57,7 +63,8 @@ public class PGPCertDCli { certificateDirectory = new SharedPGPCertificateDirectoryImpl( baseDirectory, - new CertificateReader()); + new CertificateReader(), + new KeyReader()); subkeyLookup = new DatabaseSubkeyLookup( SqliteSubkeyLookupDaoImpl.forDatabaseFile(new File(baseDirectory, "_pgpainless_subkey_map.db"))); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/DefaultMergeCallback.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/DefaultMergeCallback.java deleted file mode 100644 index 2a679af..0000000 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/DefaultMergeCallback.java +++ /dev/null @@ -1,85 +0,0 @@ -// SPDX-FileCopyrightText: 2022 Paul Schaub -// -// SPDX-License-Identifier: Apache-2.0 - -package pgp.cert_d.cli.commands; - -import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; -import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.pgpainless.PGPainless; -import org.pgpainless.certificate_store.CertificateFactory; -import org.pgpainless.key.OpenPgpFingerprint; -import pgp.certificate_store.Certificate; -import pgp.certificate_store.MergeCallback; - -import java.io.IOException; -import java.util.Iterator; - -public class DefaultMergeCallback implements MergeCallback { - - @Override - public Certificate merge(Certificate data, Certificate existing) throws IOException { - try { - PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream()); - PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream()); - PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); - - printOutDifferences(existingCert, mergedCert); - - return CertificateFactory.certificateFromPublicKeyRing(mergedCert); - } catch (PGPException e) { - throw new RuntimeException(e); - } - } - - private void printOutDifferences(PGPPublicKeyRing existingCert, PGPPublicKeyRing mergedCert) { - int numSigsBefore = countSigs(existingCert); - int numSigsAfter = countSigs(mergedCert); - int newSigs = numSigsAfter - numSigsBefore; - int numUidsBefore = count(existingCert.getPublicKey().getUserIDs()); - int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs()); - int newUids = numUidsAfter - numUidsBefore; - - if (!existingCert.equals(mergedCert)) { - OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert); - StringBuilder sb = new StringBuilder(); - sb.append(String.format("Certificate %s has", fingerprint)); - if (newSigs != 0) { - sb.append(String.format(" %d new signatures", newSigs)); - } - if (newUids != 0) { - if (newSigs != 0) { - sb.append(" and"); - } - sb.append(String.format(" %d new UIDs", newUids)); - } - if (newSigs == 0 && newUids == 0) { - sb.append(" changed"); - } - - // In this case it is okay to print to stdout, since we are a CLI app - // CHECKSTYLE:OFF - System.out.println(sb); - // CHECKSTYLE:ON - } - } - - private static int countSigs(PGPPublicKeyRing keys) { - int numSigs = 0; - for (PGPPublicKey key : keys) { - numSigs += count(key.getSignatures()); - } - return numSigs; - } - - // TODO: Use CollectionUtils.count() once available - private static int count(Iterator iterator) { - int num = 0; - while (iterator.hasNext()) { - iterator.next(); - num++; - } - return num; - } -} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index a62d11a..9169963 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -10,9 +10,9 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.pgpainless.PGPainless; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; import pgp.certificate_store.Certificate; -import pgp.certificate_store.MergeCallback; import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; @@ -24,7 +24,6 @@ import java.io.IOException; public class Import implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Import.class); - private final MergeCallback mergeCallback = new DefaultMergeCallback(); @Override public void run() { @@ -33,7 +32,7 @@ public class Import implements Runnable { for (PGPPublicKeyRing cert : certificates) { ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); Certificate certificate = PGPCertDCli.getCertificateDirectory() - .insertCertificate(certIn, mergeCallback); + .insertCertificate(certIn, MergeCallbacks.mergeCertificates()); } } catch (IOException e) { LOGGER.error("IO-Error.", e); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index 2dfa0e8..ad76bb7 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -6,9 +6,9 @@ package pgp.cert_d.cli.commands; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; import pgp.certificate_store.Certificate; -import pgp.certificate_store.MergeCallback; import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; @@ -19,12 +19,12 @@ import java.io.IOException; public class Insert implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Insert.class); - private final MergeCallback mergeCallback = new DefaultMergeCallback(); @Override public void run() { try { - Certificate certificate = PGPCertDCli.getCertificateDirectory().insertCertificate(System.in, mergeCallback); + Certificate certificate = PGPCertDCli.getCertificateDirectory() + .insertCertificate(System.in, MergeCallbacks.mergeCertificates()); } catch (IOException e) { LOGGER.error("IO-Error.", e); System.exit(-1); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java new file mode 100644 index 0000000..854d4ea --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -0,0 +1,107 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.pgpainless.PGPainless; +import org.pgpainless.algorithm.KeyFlag; +import org.pgpainless.key.generation.KeyRingBuilder; +import org.pgpainless.key.generation.KeySpec; +import org.pgpainless.key.generation.type.KeyType; +import org.pgpainless.key.generation.type.eddsa.EdDSACurve; +import org.pgpainless.util.Passphrase; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import pgp.cert_d.cli.MergeCallbacks; +import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.exception.BadDataException; +import picocli.CommandLine; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; + +@CommandLine.Command(name = "setup", + description = "Setup a new certificate directory") +public class Setup implements Runnable { + + public static final Logger LOGGER = LoggerFactory.getLogger(Setup.class); + + @CommandLine.ArgGroup() + Exclusive exclusive; + + static class Exclusive { + @CommandLine.Option(names = "--with-password", + paramLabel = "PASSWORD", + description = "Ask for a password for the trust-root key") + String password; + + @CommandLine.Option(names = "--import-from-stdin", + description = "Import trust-root from stdin") + boolean importFromStdin; + } + + + @Override + public void run() { + PGPSecretKeyRing trustRoot; + if (exclusive == null) { + trustRoot = generateTrustRoot(Passphrase.emptyPassphrase()); + } else { + if (exclusive.importFromStdin) { + trustRoot = readTrustRoot(System.in); + } else { + trustRoot = generateTrustRoot(Passphrase.fromPassword(exclusive.password.trim())); + } + } + + try { + InputStream inputStream = new ByteArrayInputStream(trustRoot.getEncoded()); + PGPCertDCli.getCertificateDirectory().insertTrustRoot(inputStream, MergeCallbacks.overrideKey()); + + } catch (BadDataException e) { + throw new RuntimeException(e); + } catch (IOException e) { + LOGGER.error("IO error.", e); + System.exit(-1); + } catch (InterruptedException e) { + LOGGER.error("Thread interrupted.", e); + System.exit(-1); + } + } + + private PGPSecretKeyRing generateTrustRoot(Passphrase passphrase) { + PGPSecretKeyRing trustRoot; + KeyRingBuilder builder = PGPainless.buildKeyRing() + .addUserId("trust-root"); + if (passphrase != null) { + builder.setPassphrase(passphrase); + } + builder.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER)); + try { + trustRoot = builder.build(); + } catch (NoSuchAlgorithmException | PGPException | InvalidAlgorithmParameterException e) { + throw new RuntimeException("Cannot generate trust-root OpenPGP key", e); + } + return trustRoot; + } + + private PGPSecretKeyRing readTrustRoot(InputStream inputStream) { + try { + PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(inputStream); + if (secretKeys == null) { + throw new BadDataException(); + } + return secretKeys; + } catch (IOException e) { + throw new RuntimeException("Cannot read trust-root OpenPGP key", e); + } catch (BadDataException e) { + throw new RuntimeException("trust-root does not contain OpenPGP key", e); + } + } +} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java new file mode 100644 index 0000000..aa461b0 --- /dev/null +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java @@ -0,0 +1,49 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.certificate_store; + +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.util.encoders.Base64; +import org.pgpainless.PGPainless; +import pgp.certificate_store.Certificate; +import pgp.certificate_store.Key; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +public class KeyFactory { + + public static Key keyFromSecretKeyRing(PGPSecretKeyRing secretKeyRing) { + + return new Key() { + @Override + public Certificate getCertificate() { + PGPPublicKeyRing publicKeys = PGPainless.extractCertificate(secretKeyRing); + return CertificateFactory.certificateFromPublicKeyRing(publicKeys); + } + + @Override + public InputStream getInputStream() throws IOException { + return new ByteArrayInputStream(secretKeyRing.getEncoded()); + } + + @Override + public String getTag() throws IOException { + MessageDigest digest; + try { + digest = MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException e) { + throw new AssertionError("No MessageDigest for SHA-256 instantiated, although BC is on the classpath: " + e.getMessage()); + } + digest.update(secretKeyRing.getEncoded()); + return Base64.toBase64String(digest.digest()); + } + }; + } +} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java new file mode 100644 index 0000000..c18569b --- /dev/null +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java @@ -0,0 +1,23 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.certificate_store; + +import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.pgpainless.PGPainless; +import pgp.certificate_store.Key; +import pgp.certificate_store.KeyReaderBackend; +import pgp.certificate_store.exception.BadDataException; + +import java.io.IOException; +import java.io.InputStream; + +public class KeyReader implements KeyReaderBackend { + + @Override + public Key readKey(InputStream data) throws IOException, BadDataException { + final PGPSecretKeyRing key = PGPainless.readKeyRing().secretKeyRing(data); + return KeyFactory.keyFromSecretKeyRing(key); + } +} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java index 6cb2ace..968485b 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java @@ -15,8 +15,10 @@ import pgp.cert_d.SharedPGPCertificateDirectory; import pgp.cert_d.SpecialNames; import pgp.certificate_store.Certificate; import pgp.certificate_store.CertificateDirectory; +import pgp.certificate_store.CertificateMerger; import pgp.certificate_store.CertificateStore; -import pgp.certificate_store.MergeCallback; +import pgp.certificate_store.Key; +import pgp.certificate_store.KeyMerger; import pgp.certificate_store.SubkeyLookup; import pgp.certificate_store.exception.BadDataException; import pgp.certificate_store.exception.BadNameException; @@ -66,7 +68,7 @@ public class SharedPGPCertificateDirectoryAdapter } @Override - public Certificate insertCertificate(InputStream data, MergeCallback merge) + public Certificate insertCertificate(InputStream data, CertificateMerger merge) throws IOException, InterruptedException, BadDataException { Certificate certificate = directory.insert(data, merge); storeIdentifierForSubkeys(certificate); @@ -74,7 +76,7 @@ public class SharedPGPCertificateDirectoryAdapter } @Override - public Certificate tryInsertCertificate(InputStream data, MergeCallback merge) + public Certificate tryInsertCertificate(InputStream data, CertificateMerger merge) throws IOException, BadDataException { Certificate certificate = directory.tryInsert(data, merge); storeIdentifierForSubkeys(certificate); @@ -82,13 +84,13 @@ public class SharedPGPCertificateDirectoryAdapter } @Override - public Certificate insertCertificateBySpecialName(String specialName, InputStream data, MergeCallback merge) + public Certificate insertCertificateBySpecialName(String specialName, InputStream data, CertificateMerger merge) throws IOException, InterruptedException, BadDataException, BadNameException { return directory.insertWithSpecialName(specialName, data, merge); } @Override - public Certificate tryInsertCertificateBySpecialName(String specialName, InputStream data, MergeCallback merge) + public Certificate tryInsertCertificateBySpecialName(String specialName, InputStream data, CertificateMerger merge) throws IOException, BadDataException, BadNameException { return directory.tryInsertWithSpecialName(specialName, data, merge); } @@ -120,4 +122,24 @@ public class SharedPGPCertificateDirectoryAdapter public void storeCertificateSubkeyIds(String certificate, List subkeyIds) throws IOException { subkeyLookup.storeCertificateSubkeyIds(certificate, subkeyIds); } + + @Override + public Key getTrustRoot() throws IOException, BadDataException { + return directory.getTrustRoot(); + } + + @Override + public Key getTrustRootIfChanged(String tag) throws IOException, BadDataException { + return directory.getTrustRootIfChanged(tag); + } + + @Override + public Key insertTrustRoot(InputStream data, KeyMerger keyMerger) throws IOException, InterruptedException, BadDataException { + return directory.insertTrustRoot(data, keyMerger); + } + + @Override + public Key tryInsertTrustRoot(InputStream data, KeyMerger keyMerger) throws IOException, BadDataException { + return directory.tryInsertTrustRoot(data, keyMerger); + } } diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java index b82f151..d5cc211 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java @@ -27,6 +27,7 @@ import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.pgpainless.certificate_store.CertificateReader; +import org.pgpainless.certificate_store.KeyReader; import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; import pgp.cert_d.InMemorySubkeyLookup; import pgp.cert_d.SharedPGPCertificateDirectoryImpl; @@ -50,7 +51,7 @@ public class SharedPGPCertificateDirectoryAdapterTest { @BeforeEach public void setupInstance() throws IOException, NotAStoreException { adapter = new SharedPGPCertificateDirectoryAdapter( - new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader()), + new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader(), new KeyReader()), new InMemorySubkeyLookup()); store = adapter; } diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java index 7826746..c43f749 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java @@ -33,6 +33,7 @@ import org.junit.jupiter.params.provider.MethodSource; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.certificate_store.CertificateReader; +import org.pgpainless.certificate_store.KeyReader; import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.type.KeyType; @@ -41,15 +42,15 @@ import pgp.cert_d.CachingSharedPGPCertificateDirectoryWrapper; import pgp.cert_d.FileLockingMechanism; import pgp.cert_d.SharedPGPCertificateDirectory; import pgp.cert_d.SharedPGPCertificateDirectoryImpl; +import pgp.certificate_store.CertificateMerger; import pgp.certificate_store.exception.BadDataException; import pgp.certificate_store.exception.BadNameException; import pgp.certificate_store.exception.NotAStoreException; import pgp.certificate_store.Certificate; -import pgp.certificate_store.MergeCallback; public class SharedPGPCertificateDirectoryTest { - private static MergeCallback dummyMerge = new MergeCallback() { + private static CertificateMerger dummyMerge = new CertificateMerger() { @Override public Certificate merge(Certificate data, Certificate existing) { return data; @@ -58,9 +59,9 @@ public class SharedPGPCertificateDirectoryTest { private static Stream provideTestSubjects() throws IOException, NotAStoreException { return Stream.of( - new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader()), + new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader(), new KeyReader()), new CachingSharedPGPCertificateDirectoryWrapper( - new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader())) + new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader(), new KeyReader())) ); } diff --git a/version.gradle b/version.gradle index 905f77c..a7ce230 100644 --- a/version.gradle +++ b/version.gradle @@ -13,7 +13,7 @@ allprojects { junitVersion = '5.8.2' mockitoVersion = '4.5.1' pgpainlessVersion = '1.2.1' - pgpCertDJavaVersion = '0.1.1' + pgpCertDJavaVersion = '0.1.2-SNAPSHOT' picocliVersion = '4.6.3' } } From 73525092e8ba8fd138bc93fdc1a9cdfa53b0da33 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 1 Aug 2022 17:30:40 +0200 Subject: [PATCH 29/63] Add woodpecker CI --- .reuse/dep5 | 4 ++++ .woodpecker/.build.yml | 12 ++++++++++++ .woodpecker/.reuse.yml | 7 +++++++ 3 files changed, 23 insertions(+) create mode 100644 .woodpecker/.build.yml create mode 100644 .woodpecker/.reuse.yml diff --git a/.reuse/dep5 b/.reuse/dep5 index 2853568..3bc4763 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -14,3 +14,7 @@ Files: gradle* Copyright: 2015 the original author or authors. License: Apache-2.0 +# Woodpecker build files +Files: .woodpecker/* +Copyright: 2022 the original author or authors. +License: Apache-2.0 diff --git a/.woodpecker/.build.yml b/.woodpecker/.build.yml new file mode 100644 index 0000000..f504b44 --- /dev/null +++ b/.woodpecker/.build.yml @@ -0,0 +1,12 @@ +pipeline: + run: + image: gradle:7.5-jdk8 + commands: + - git checkout $CI_COMMIT_BRANCH + # Code works + - gradle test + # Code is clean + - gradle check javadocAll + # Code has coverage + - gradle jacocoRootReport coveralls + secrets: [COVERALLS_REPO_TOKEN] diff --git a/.woodpecker/.reuse.yml b/.woodpecker/.reuse.yml new file mode 100644 index 0000000..58f17e6 --- /dev/null +++ b/.woodpecker/.reuse.yml @@ -0,0 +1,7 @@ +# Code is licensed properly +# See https://reuse.software/ +pipeline: + reuse: + image: fsfe/reuse:latest + commands: + - reuse lint \ No newline at end of file From a02af58160e9737913acbb0a02cdcdd795d3e474 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 1 Aug 2022 17:35:32 +0200 Subject: [PATCH 30/63] Add badges for CI and Coveralls --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index aa8997e..e7e9981 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,10 @@ SPDX-License-Identifier: Apache-2.0 --> # Shared PGP Certificate Directory for Java +[![status-badge](https://ci.codeberg.org/api/badges/PGPainless/cert-d-pgpainless/status.svg)](https://ci.codeberg.org/PGPainless/cert-d-pgpainless) +[![Coverage Status](https://coveralls.io/repos/github/pgpainless/cert-d-pgpainless/badge.svg?branch=main)](https://coveralls.io/github/pgpainless/cert-d-pgpainless?branch=main) +[![REUSE status](https://api.reuse.software/badge/github.com/pgpainless/cert-d-pgpainless)](https://api.reuse.software/info/github.com/pgpainless/cert-d-pgpainless) + This repository contains implementations of the [Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/) specification using [PGPainless](https://pgpainless.org) as backend. The module `pgpainless-cert-d` can be used as a drop-in implementation of From 20c6bc4c366b57386129a007f161d2e78a2ddd2a Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 4 Aug 2022 13:46:36 +0200 Subject: [PATCH 31/63] Add support for i18n using resource bundles --- .../src/main/java/pgp/cert_d/cli/PGPCertDCli.java | 3 +-- .../main/java/pgp/cert_d/cli/commands/Export.java | 2 +- .../src/main/java/pgp/cert_d/cli/commands/Get.java | 5 ++--- .../main/java/pgp/cert_d/cli/commands/Import.java | 2 +- .../main/java/pgp/cert_d/cli/commands/Insert.java | 2 +- .../main/java/pgp/cert_d/cli/commands/Setup.java | 5 ++--- .../src/main/resources/msg_export.properties | 11 +++++++++++ .../src/main/resources/msg_export_de.properties | 11 +++++++++++ .../src/main/resources/msg_get.properties | 12 ++++++++++++ .../src/main/resources/msg_get_de.properties | 12 ++++++++++++ .../src/main/resources/msg_import.properties | 11 +++++++++++ .../src/main/resources/msg_import_de.properties | 11 +++++++++++ .../src/main/resources/msg_insert.properties | 11 +++++++++++ .../src/main/resources/msg_insert_de.properties | 11 +++++++++++ .../src/main/resources/msg_pgp-cert-d.properties | 11 +++++++++++ .../src/main/resources/msg_pgp-cert-d_de.properties | 11 +++++++++++ .../src/main/resources/msg_setup.properties | 13 +++++++++++++ .../src/main/resources/msg_setup_de.properties | 13 +++++++++++++ 18 files changed, 146 insertions(+), 11 deletions(-) create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_export.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_get.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_import.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_import_de.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_insert.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_insert_de.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_pgp-cert-d.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_pgp-cert-d_de.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_setup.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_setup_de.properties diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index 4c10cd2..e87944e 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -26,7 +26,7 @@ import java.sql.SQLException; @CommandLine.Command( name = "certificate-store", - description = "Store and manage public OpenPGP certificates", + resourceBundle = "msg_pgp-cert-d", subcommands = { CommandLine.HelpCommand.class, Export.class, @@ -39,7 +39,6 @@ import java.sql.SQLException; public class PGPCertDCli { @CommandLine.Option(names = {"-s", "--store"}, paramLabel = "DIRECTORY", - description = "Overwrite the default certificate directory path", scope = CommandLine.ScopeType.INHERIT) File baseDirectory; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java index 4e61bc2..555d169 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java @@ -16,7 +16,7 @@ import java.io.InputStream; import java.util.Iterator; @CommandLine.Command(name = "export", - description = "Export all certificates in the store to Standard Output") + resourceBundle = "msg_export") public class Export implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index bbcbe0d..861790a 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -16,15 +16,14 @@ import pgp.certificate_store.exception.BadNameException; import picocli.CommandLine; @CommandLine.Command(name = "get", - description = "Retrieve certificates from the store") + resourceBundle = "msg_get") public class Get implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); @CommandLine.Parameters( paramLabel = "IDENTIFIER", - arity = "1", - description = "Certificate identifier (fingerprint or special name)" + arity = "1" ) String identifer; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index 9169963..80b19d9 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -20,7 +20,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; @CommandLine.Command(name = "import", - description = "Import certificates into the store from Standard Input") + resourceBundle = "msg_import") public class Import implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Import.class); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index ad76bb7..437003d 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -15,7 +15,7 @@ import picocli.CommandLine; import java.io.IOException; @CommandLine.Command(name = "insert", - description = "Insert or update a certificate") + resourceBundle = "msg_insert") public class Insert implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Insert.class); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java index 854d4ea..bb94de7 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -27,7 +27,7 @@ import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; @CommandLine.Command(name = "setup", - description = "Setup a new certificate directory") + resourceBundle = "msg_setup") public class Setup implements Runnable { public static final Logger LOGGER = LoggerFactory.getLogger(Setup.class); @@ -37,8 +37,7 @@ public class Setup implements Runnable { static class Exclusive { @CommandLine.Option(names = "--with-password", - paramLabel = "PASSWORD", - description = "Ask for a password for the trust-root key") + paramLabel = "PASSWORD") String password; @CommandLine.Option(names = "--import-from-stdin", diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_export.properties b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties new file mode 100644 index 0000000..8d6b59a --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Export all certificates in the store to Standard Output + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Usage:\u0020 +usage.commandListHeading = %nCommands:%n +usage.optionListHeading = %nOptions:%n +usage.footerHeading=Powered by picocli%n +store=Overwrite the default certificate directory path diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties new file mode 100644 index 0000000..2a7a2e1 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Exportiere alle gespeicherten Zertifikate zur Standardausgabe + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Aufruf:\u0020 +usage.commandListHeading=%nBefehle:%n +usage.optionListHeading = %nOptionen:%n +usage.footerHeading=Powered by Picocli%n +store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_get.properties b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties new file mode 100644 index 0000000..5e04944 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties @@ -0,0 +1,12 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Retrieve certificates from the store +IDENTIFIER[0]=Certificate identifier (fingerprint or special name) + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Usage:\u0020 +usage.commandListHeading = %nCommands:%n +usage.optionListHeading = %nOptions:%n +usage.footerHeading=Powered by picocli%n +store=Overwrite the default certificate directory path diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties new file mode 100644 index 0000000..36fd12b --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties @@ -0,0 +1,12 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Frage Zertifikate aus dem Speicher ab +IDENTIFIER[0]=Zertifikatskennung (Fingerabdruck oder Spezialname) + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Aufruf:\u0020 +usage.commandListHeading=%nBefehle:%n +usage.optionListHeading = %nOptionen:%n +usage.footerHeading=Powered by Picocli%n +store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_import.properties b/pgpainless-cert-d-cli/src/main/resources/msg_import.properties new file mode 100644 index 0000000..329a392 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_import.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Import certificates into the store from Standard Input + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Usage:\u0020 +usage.commandListHeading = %nCommands:%n +usage.optionListHeading = %nOptions:%n +usage.footerHeading=Powered by picocli%n +store=Overwrite the default certificate directory path diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_import_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_import_de.properties new file mode 100644 index 0000000..82c0016 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_import_de.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Importiere Zertifikate von der Standardeingabe in den Speicher + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Aufruf:\u0020 +usage.commandListHeading=%nBefehle:%n +usage.optionListHeading = %nOptionen:%n +usage.footerHeading=Powered by Picocli%n +store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_insert.properties b/pgpainless-cert-d-cli/src/main/resources/msg_insert.properties new file mode 100644 index 0000000..c1b81f8 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_insert.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Insert or update a certificate + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Usage:\u0020 +usage.commandListHeading = %nCommands:%n +usage.optionListHeading = %nOptions:%n +usage.footerHeading=Powered by picocli%n +store=Overwrite the default certificate directory path diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_insert_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_insert_de.properties new file mode 100644 index 0000000..1f479a2 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_insert_de.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Aktualisiere oder importiere ein Zertifikat + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Aufruf:\u0020 +usage.commandListHeading=%nBefehle:%n +usage.optionListHeading = %nOptionen:%n +usage.footerHeading=Powered by Picocli%n +store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_pgp-cert-d.properties b/pgpainless-cert-d-cli/src/main/resources/msg_pgp-cert-d.properties new file mode 100644 index 0000000..4882e8e --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_pgp-cert-d.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Store and manage public OpenPGP certificates +store=Overwrite the default certificate directory path + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Usage:\u0020 +usage.commandListHeading = %nCommands:%n +usage.optionListHeading = %nOptions:%n +usage.footerHeading=Powered by picocli%n diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_pgp-cert-d_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_pgp-cert-d_de.properties new file mode 100644 index 0000000..0c5c4fb --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_pgp-cert-d_de.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Speichere und verwalte öffentliche OpenPGP Zertifikate +store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Aufruf:\u0020 +usage.commandListHeading=%nBefehle:%n +usage.optionListHeading = %nOptionen:%n +usage.footerHeading=Powered by Picocli%n diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_setup.properties b/pgpainless-cert-d-cli/src/main/resources/msg_setup.properties new file mode 100644 index 0000000..a6f60bb --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_setup.properties @@ -0,0 +1,13 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Setup a new certificate directory +with-password=Ask for a password for the trust-root key +import-from-stdin=Import trust-root from stdin + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Usage:\u0020 +usage.commandListHeading = %nCommands:%n +usage.optionListHeading = %nOptions:%n +usage.footerHeading=Powered by picocli%n +store=Overwrite the default certificate directory path diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_setup_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_setup_de.properties new file mode 100644 index 0000000..933f726 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_setup_de.properties @@ -0,0 +1,13 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Richte ein neues Zertifikatsverzeichnis ein +with-password=Frage nach einem Passwort für den trust-root Schlüssel +import-from-stdin=Importiere trust-root Schlüssel von Standardeingabe + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Aufruf:\u0020 +usage.commandListHeading=%nBefehle:%n +usage.optionListHeading = %nOptionen:%n +usage.footerHeading=Powered by Picocli%n +store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses From 47e521be01da6b8664ea5f3a14d6fcfb682f2e8e Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 8 Aug 2022 14:00:50 +0200 Subject: [PATCH 32/63] Adopt changes from cert-d-java and pgpainless-core --- .../main/java/pgp/cert_d/cli/PGPCertDCli.java | 2 -- .../certificate_store/CertificateReader.java | 22 ------------------- .../certificate_store/KeyFactory.java | 5 +++++ .../certificate_store/KeyReader.java | 16 ++++++++++---- ...redPGPCertificateDirectoryAdapterTest.java | 3 +-- .../SharedPGPCertificateDirectoryTest.java | 13 +++++------ version.gradle | 2 +- 7 files changed, 25 insertions(+), 38 deletions(-) delete mode 100644 pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateReader.java diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index e87944e..355c999 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -4,7 +4,6 @@ package pgp.cert_d.cli; -import org.pgpainless.certificate_store.CertificateReader; import org.pgpainless.certificate_store.KeyReader; import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; import pgp.cert_d.BaseDirectoryProvider; @@ -62,7 +61,6 @@ public class PGPCertDCli { certificateDirectory = new SharedPGPCertificateDirectoryImpl( baseDirectory, - new CertificateReader(), new KeyReader()); subkeyLookup = new DatabaseSubkeyLookup( SqliteSubkeyLookupDaoImpl.forDatabaseFile(new File(baseDirectory, "_pgpainless_subkey_map.db"))); diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateReader.java deleted file mode 100644 index 5e3068a..0000000 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateReader.java +++ /dev/null @@ -1,22 +0,0 @@ -// SPDX-FileCopyrightText: 2022 Paul Schaub -// -// SPDX-License-Identifier: Apache-2.0 - -package org.pgpainless.certificate_store; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.pgpainless.PGPainless; -import pgp.certificate_store.Certificate; -import pgp.certificate_store.CertificateReaderBackend; - -public class CertificateReader implements CertificateReaderBackend { - - @Override - public Certificate readCertificate(InputStream inputStream) throws IOException { - final PGPPublicKeyRing certificate = PGPainless.readKeyRing().publicKeyRing(inputStream); - return CertificateFactory.certificateFromPublicKeyRing(certificate); - } -} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java index aa461b0..64ebf10 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java @@ -22,6 +22,11 @@ public class KeyFactory { public static Key keyFromSecretKeyRing(PGPSecretKeyRing secretKeyRing) { return new Key() { + @Override + public String getFingerprint() { + return getCertificate().getFingerprint(); + } + @Override public Certificate getCertificate() { PGPPublicKeyRing publicKeys = PGPainless.extractCertificate(secretKeyRing); diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java index c18569b..bc8f371 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java @@ -4,9 +4,11 @@ package org.pgpainless.certificate_store; +import org.bouncycastle.openpgp.PGPKeyRing; +import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.pgpainless.PGPainless; -import pgp.certificate_store.Key; +import pgp.certificate_store.KeyMaterial; import pgp.certificate_store.KeyReaderBackend; import pgp.certificate_store.exception.BadDataException; @@ -16,8 +18,14 @@ import java.io.InputStream; public class KeyReader implements KeyReaderBackend { @Override - public Key readKey(InputStream data) throws IOException, BadDataException { - final PGPSecretKeyRing key = PGPainless.readKeyRing().secretKeyRing(data); - return KeyFactory.keyFromSecretKeyRing(key); + public KeyMaterial read(InputStream data) throws IOException, BadDataException { + final PGPKeyRing keyRing = PGPainless.readKeyRing().keyRing(data); + if (keyRing instanceof PGPPublicKeyRing) { + return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) keyRing); + } else if (keyRing instanceof PGPSecretKeyRing) { + return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) keyRing); + } else { + throw new BadDataException(); + } } } diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java index d5cc211..5a42690 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java @@ -26,7 +26,6 @@ import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.pgpainless.certificate_store.CertificateReader; import org.pgpainless.certificate_store.KeyReader; import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; import pgp.cert_d.InMemorySubkeyLookup; @@ -51,7 +50,7 @@ public class SharedPGPCertificateDirectoryAdapterTest { @BeforeEach public void setupInstance() throws IOException, NotAStoreException { adapter = new SharedPGPCertificateDirectoryAdapter( - new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader(), new KeyReader()), + new SharedPGPCertificateDirectoryImpl(tempDir(), new KeyReader()), new InMemorySubkeyLookup()); store = adapter; } diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java index c43f749..d6a4902 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java @@ -32,7 +32,6 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.KeyFlag; -import org.pgpainless.certificate_store.CertificateReader; import org.pgpainless.certificate_store.KeyReader; import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.key.generation.KeySpec; @@ -59,9 +58,9 @@ public class SharedPGPCertificateDirectoryTest { private static Stream provideTestSubjects() throws IOException, NotAStoreException { return Stream.of( - new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader(), new KeyReader()), + new SharedPGPCertificateDirectoryImpl(tempDir(), new KeyReader()), new CachingSharedPGPCertificateDirectoryWrapper( - new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader(), new KeyReader())) + new SharedPGPCertificateDirectoryImpl(tempDir(), new KeyReader())) ); } @@ -76,7 +75,7 @@ public class SharedPGPCertificateDirectoryTest { public void simpleInsertGet(SharedPGPCertificateDirectory directory) throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, BadDataException, InterruptedException, BadNameException { - PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice", null); + PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice"); PGPPublicKeyRing cert = PGPainless.extractCertificate(key); OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(cert); ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); @@ -133,7 +132,7 @@ public class SharedPGPCertificateDirectoryTest { BadDataException, InterruptedException { assumeTrue(directory.getLock() instanceof FileLockingMechanism); - PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice", null); + PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice"); PGPPublicKeyRing cert = PGPainless.extractCertificate(key); ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); @@ -150,7 +149,7 @@ public class SharedPGPCertificateDirectoryTest { throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, BadDataException, InterruptedException, BadNameException { - PGPSecretKeyRing trustRootKey = PGPainless.generateKeyRing().modernKeyRing("Alice", null); + PGPSecretKeyRing trustRootKey = PGPainless.generateKeyRing().modernKeyRing("Alice"); PGPPublicKeyRing trustRootCert = PGPainless.extractCertificate(trustRootKey); OpenPgpFingerprint trustRootFingerprint = OpenPgpFingerprint.of(trustRootCert); ByteArrayInputStream trustRootCertIn = new ByteArrayInputStream(trustRootCert.getEncoded()); @@ -159,7 +158,7 @@ public class SharedPGPCertificateDirectoryTest { final int certificateCount = 3; Map certificateMap = new HashMap<>(); for (int i = 0; i < certificateCount; i++) { - PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice", null); + PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice"); PGPPublicKeyRing cert = PGPainless.extractCertificate(key); OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(cert); certificateMap.put(fingerprint.toString().toLowerCase(), cert); diff --git a/version.gradle b/version.gradle index a7ce230..90264e0 100644 --- a/version.gradle +++ b/version.gradle @@ -12,7 +12,7 @@ allprojects { logbackVersion = '1.2.11' junitVersion = '5.8.2' mockitoVersion = '4.5.1' - pgpainlessVersion = '1.2.1' + pgpainlessVersion = '1.3.5-SNAPSHOT' pgpCertDJavaVersion = '0.1.2-SNAPSHOT' picocliVersion = '4.6.3' } From 338530b1bc6e0665635a661c2bd734edece38de3 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 8 Aug 2022 15:03:54 +0200 Subject: [PATCH 33/63] Fix duplicate logging binding problem --- pgpainless-cert-d-cli/build.gradle | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/pgpainless-cert-d-cli/build.gradle b/pgpainless-cert-d-cli/build.gradle index 2dcb9f9..4c64b45 100644 --- a/pgpainless-cert-d-cli/build.gradle +++ b/pgpainless-cert-d-cli/build.gradle @@ -4,6 +4,7 @@ plugins { id 'application' + id "com.github.johnrengelman.shadow" version "6.1.0" } group 'org.pgpainless' @@ -18,7 +19,7 @@ dependencies { testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion" // Logging - testImplementation "ch.qos.logback:logback-classic:$logbackVersion" + implementation ("org.slf4j:slf4j-nop:$slf4jVersion") // pgp.cert.d using PGPainless implementation project(":pgpainless-cert-d") @@ -36,8 +37,13 @@ test { mainClassName = 'pgp.cert_d.cli.PGPCertDCli' +application { + mainClass = mainClassName +} + +/* jar { - dependsOn(":pgpainless-cert-d:assemble") + dependsOn(":pgpainless-cert-d:jar") manifest { attributes 'Main-Class': "$mainClassName" } @@ -52,4 +58,5 @@ jar { exclude "META-INF/*.RSA" } } + */ From 6a16d0cff554cc9eaf2b3a306904cb1d44fdc49d Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 8 Aug 2022 15:04:22 +0200 Subject: [PATCH 34/63] Implement armor option for export command --- .../java/pgp/cert_d/cli/commands/Export.java | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java index 555d169..8a9027a 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java @@ -4,6 +4,7 @@ package pgp.cert_d.cli.commands; +import org.bouncycastle.bcpg.ArmoredOutputStream; import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -13,28 +14,40 @@ import picocli.CommandLine; import java.io.IOException; import java.io.InputStream; +import java.io.OutputStream; import java.util.Iterator; @CommandLine.Command(name = "export", resourceBundle = "msg_export") public class Export implements Runnable { - private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); + private static final Logger LOGGER = LoggerFactory.getLogger(Export.class); + + @CommandLine.Option(names = {"-a", "--armor"}) + boolean armor = false; @Override public void run() { Iterator certificates = PGPCertDCli.getCertificateDirectory() .getCertificates(); + OutputStream out = armor ? new ArmoredOutputStream(System.out) : System.out; while (certificates.hasNext()) { try { Certificate certificate = certificates.next(); InputStream inputStream = certificate.getInputStream(); - Streams.pipeAll(inputStream, System.out); + Streams.pipeAll(inputStream, out); inputStream.close(); } catch (IOException e) { LOGGER.error("IO Error", e); System.exit(-1); } } + if (armor) { + try { + out.close(); + } catch (IOException e) { + throw new RuntimeException(e); + } + } } } From 3267a330bfd702adb84c0225d489207231a531f1 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 8 Aug 2022 15:04:34 +0200 Subject: [PATCH 35/63] Implement very basic list command --- .../main/java/pgp/cert_d/cli/PGPCertDCli.java | 4 ++- .../java/pgp/cert_d/cli/commands/List.java | 29 +++++++++++++++++++ .../src/main/resources/msg_list.properties | 11 +++++++ .../src/main/resources/msg_list_de.properties | 11 +++++++ 4 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_list.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_list_de.properties diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index 355c999..f742d01 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -12,6 +12,7 @@ import pgp.cert_d.cli.commands.Export; import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Insert; import pgp.cert_d.cli.commands.Import; +import pgp.cert_d.cli.commands.List; import pgp.cert_d.cli.commands.Setup; import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookup; import pgp.cert_d.jdbc.sqlite.SqliteSubkeyLookupDaoImpl; @@ -32,7 +33,8 @@ import java.sql.SQLException; Insert.class, Import.class, Get.class, - Setup.class + Setup.class, + List.class } ) public class PGPCertDCli { diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java new file mode 100644 index 0000000..8c888c2 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java @@ -0,0 +1,29 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.Certificate; +import picocli.CommandLine; + +import java.util.Iterator; + +@CommandLine.Command(name = "list", + resourceBundle = "msg_list" +) +public class List implements Runnable { + + @Override + public void run() { + Iterator certificates = PGPCertDCli.getCertificateDirectory() + .getCertificates(); + while (certificates.hasNext()) { + Certificate certificate = certificates.next(); + // CHECKSTYLE:OFF + System.out.println(certificate.getFingerprint()); + // CHECKSTYLE:ON + } + } +} diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_list.properties b/pgpainless-cert-d-cli/src/main/resources/msg_list.properties new file mode 100644 index 0000000..f58dd82 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_list.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=List all certificates in the directory +store=Overwrite the default certificate directory path + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Usage:\u0020 +usage.commandListHeading = %nCommands:%n +usage.optionListHeading = %nOptions:%n +usage.footerHeading=Powered by picocli%n diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_list_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_list_de.properties new file mode 100644 index 0000000..2385597 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_list_de.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Liste alle Zertifikate im Verzeichnis auf +store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Aufruf:\u0020 +usage.commandListHeading=%nBefehle:%n +usage.optionListHeading = %nOptionen:%n +usage.footerHeading=Powered by Picocli%n From c7cdf4c35362157d50cb583d58eae0f2512549f9 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 9 Aug 2022 18:34:42 +0200 Subject: [PATCH 36/63] Adopt changes from cert-d-java rewrite --- .../java/pgp/cert_d/cli/MergeCallbacks.java | 28 +-- .../main/java/pgp/cert_d/cli/PGPCertDCli.java | 24 +- .../java/pgp/cert_d/cli/commands/Export.java | 4 +- .../java/pgp/cert_d/cli/commands/Get.java | 8 +- .../java/pgp/cert_d/cli/commands/Import.java | 6 +- .../java/pgp/cert_d/cli/commands/Insert.java | 6 +- .../java/pgp/cert_d/cli/commands/List.java | 4 +- .../java/pgp/cert_d/cli/commands/Setup.java | 2 +- .../certificate_store/CertificateFactory.java | 2 +- .../certificate_store/KeyFactory.java | 10 +- ...{KeyReader.java => KeyMaterialReader.java} | 18 +- .../certificate_store/PGPainlessCertD.java | 36 +++ .../SharedPGPCertificateDirectoryAdapter.java | 145 ----------- ...redPGPCertificateDirectoryAdapterTest.java | 230 ------------------ .../SharedPGPCertificateDirectoryTest.java | 61 ++--- 15 files changed, 101 insertions(+), 483 deletions(-) rename pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/{KeyReader.java => KeyMaterialReader.java} (61%) create mode 100644 pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java delete mode 100644 pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java delete mode 100644 pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java index 02fb292..aba0342 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java @@ -10,10 +10,8 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.pgpainless.PGPainless; import org.pgpainless.certificate_store.CertificateFactory; import org.pgpainless.key.OpenPgpFingerprint; -import pgp.certificate_store.Certificate; -import pgp.certificate_store.CertificateMerger; -import pgp.certificate_store.Key; -import pgp.certificate_store.KeyMerger; +import pgp.certificate.KeyMaterial; +import pgp.certificate.KeyMaterialMerger; import java.io.IOException; import java.util.Iterator; @@ -21,16 +19,16 @@ import java.util.Iterator; public class MergeCallbacks { /** - * Return a {@link CertificateMerger} that merges the two copies of the same certificate (same primary key) into one + * Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one * combined certificate. * * @return merging callback */ - public static CertificateMerger mergeCertificates() { - return new CertificateMerger() { + public static KeyMaterialMerger mergeCertificates() { + return new KeyMaterialMerger() { @Override - public Certificate merge(Certificate data, Certificate existing) throws IOException { + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException { try { PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream()); PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream()); @@ -97,26 +95,26 @@ public class MergeCallbacks { } /** - * Return an implementation of {@link CertificateMerger} that ignores the existing certificate and instead + * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead * returns the first instance. * * @return overriding callback */ - public static CertificateMerger overrideCertificate() { + public static KeyMaterialMerger overrideCertificate() { // noinspection Convert2Lambda - return new CertificateMerger() { + return new KeyMaterialMerger() { @Override - public Certificate merge(Certificate data, Certificate existing) { + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { return data; } }; } - public static KeyMerger overrideKey() { + public static KeyMaterialMerger overrideKey() { // noinspection Convert2Lambda - return new KeyMerger() { + return new KeyMaterialMerger() { @Override - public Key merge(Key data, Key existing) { + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { return data; } }; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index f742d01..cb44fdd 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -4,21 +4,15 @@ package pgp.cert_d.cli; -import org.pgpainless.certificate_store.KeyReader; -import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; +import org.pgpainless.certificate_store.PGPainlessCertD; import pgp.cert_d.BaseDirectoryProvider; -import pgp.cert_d.SharedPGPCertificateDirectoryImpl; +import pgp.cert_d.NotAStoreException; import pgp.cert_d.cli.commands.Export; import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Insert; import pgp.cert_d.cli.commands.Import; import pgp.cert_d.cli.commands.List; import pgp.cert_d.cli.commands.Setup; -import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookup; -import pgp.cert_d.jdbc.sqlite.SqliteSubkeyLookupDaoImpl; -import pgp.certificate_store.SubkeyLookup; -import pgp.certificate_store.exception.NotAStoreException; -import pgp.certificate_store.CertificateDirectory; import picocli.CommandLine; import java.io.File; @@ -43,7 +37,7 @@ public class PGPCertDCli { scope = CommandLine.ScopeType.INHERIT) File baseDirectory; - private static CertificateDirectory certificateDirectory; + private static PGPainlessCertD certificateDirectory; private int executionStrategy(CommandLine.ParseResult parseResult) { try { @@ -55,19 +49,11 @@ public class PGPCertDCli { } private void initStore() throws NotAStoreException, SQLException { - SharedPGPCertificateDirectoryImpl certificateDirectory; - SubkeyLookup subkeyLookup; if (baseDirectory == null) { baseDirectory = BaseDirectoryProvider.getDefaultBaseDir(); } - certificateDirectory = new SharedPGPCertificateDirectoryImpl( - baseDirectory, - new KeyReader()); - subkeyLookup = new DatabaseSubkeyLookup( - SqliteSubkeyLookupDaoImpl.forDatabaseFile(new File(baseDirectory, "_pgpainless_subkey_map.db"))); - - PGPCertDCli.certificateDirectory = new SharedPGPCertificateDirectoryAdapter(certificateDirectory, subkeyLookup); + PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory); } public static void main(String[] args) { @@ -77,7 +63,7 @@ public class PGPCertDCli { .execute(args); } - public static CertificateDirectory getCertificateDirectory() { + public static PGPainlessCertD getCertificateDirectory() { return certificateDirectory; } } diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java index 8a9027a..7e06e58 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java @@ -9,7 +9,7 @@ import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.Certificate; +import pgp.certificate.Certificate; import picocli.CommandLine; import java.io.IOException; @@ -29,7 +29,7 @@ public class Export implements Runnable { @Override public void run() { Iterator certificates = PGPCertDCli.getCertificateDirectory() - .getCertificates(); + .items(); OutputStream out = armor ? new ArmoredOutputStream(System.out) : System.out; while (certificates.hasNext()) { try { diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index 861790a..c5ce49b 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -9,10 +9,10 @@ import java.io.IOException; import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import pgp.cert_d.BadDataException; +import pgp.cert_d.BadNameException; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.Certificate; -import pgp.certificate_store.exception.BadDataException; -import pgp.certificate_store.exception.BadNameException; +import pgp.certificate.Certificate; import picocli.CommandLine; @CommandLine.Command(name = "get", @@ -31,7 +31,7 @@ public class Get implements Runnable { public void run() { try { Certificate certificate = PGPCertDCli.getCertificateDirectory() - .getCertificate(identifer); + .getByFingerprint(identifer); if (certificate == null) { return; } diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index 80b19d9..d201b84 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -10,10 +10,10 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.pgpainless.PGPainless; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import pgp.cert_d.BadDataException; import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.Certificate; -import pgp.certificate_store.exception.BadDataException; +import pgp.certificate.Certificate; import picocli.CommandLine; import java.io.ByteArrayInputStream; @@ -32,7 +32,7 @@ public class Import implements Runnable { for (PGPPublicKeyRing cert : certificates) { ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); Certificate certificate = PGPCertDCli.getCertificateDirectory() - .insertCertificate(certIn, MergeCallbacks.mergeCertificates()); + .insert(certIn, MergeCallbacks.mergeCertificates()); } } catch (IOException e) { LOGGER.error("IO-Error.", e); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index 437003d..30020a8 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -6,10 +6,10 @@ package pgp.cert_d.cli.commands; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import pgp.cert_d.BadDataException; import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.Certificate; -import pgp.certificate_store.exception.BadDataException; +import pgp.certificate.Certificate; import picocli.CommandLine; import java.io.IOException; @@ -24,7 +24,7 @@ public class Insert implements Runnable { public void run() { try { Certificate certificate = PGPCertDCli.getCertificateDirectory() - .insertCertificate(System.in, MergeCallbacks.mergeCertificates()); + .insert(System.in, MergeCallbacks.mergeCertificates()); } catch (IOException e) { LOGGER.error("IO-Error.", e); System.exit(-1); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java index 8c888c2..cedf1ff 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java @@ -5,7 +5,7 @@ package pgp.cert_d.cli.commands; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.Certificate; +import pgp.certificate.Certificate; import picocli.CommandLine; import java.util.Iterator; @@ -18,7 +18,7 @@ public class List implements Runnable { @Override public void run() { Iterator certificates = PGPCertDCli.getCertificateDirectory() - .getCertificates(); + .items(); while (certificates.hasNext()) { Certificate certificate = certificates.next(); // CHECKSTYLE:OFF diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java index bb94de7..e1a4b5e 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -15,9 +15,9 @@ import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.util.Passphrase; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import pgp.cert_d.BadDataException; import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; import java.io.ByteArrayInputStream; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java index e4b40c1..1757491 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java @@ -8,7 +8,7 @@ import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.util.encoders.Base64; import org.pgpainless.key.OpenPgpFingerprint; -import pgp.certificate_store.Certificate; +import pgp.certificate.Certificate; import java.io.ByteArrayInputStream; import java.io.IOException; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java index 64ebf10..d71777b 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java @@ -8,14 +8,15 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.util.encoders.Base64; import org.pgpainless.PGPainless; -import pgp.certificate_store.Certificate; -import pgp.certificate_store.Key; +import pgp.certificate.Certificate; +import pgp.certificate.Key; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.Set; public class KeyFactory { @@ -49,6 +50,11 @@ public class KeyFactory { digest.update(secretKeyRing.getEncoded()); return Base64.toBase64String(digest.digest()); } + + @Override + public Set getSubkeyIds() throws IOException { + return getCertificate().getSubkeyIds(); + } }; } } diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java similarity index 61% rename from pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java rename to pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java index bc8f371..7af37f3 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyReader.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java @@ -8,22 +8,22 @@ import org.bouncycastle.openpgp.PGPKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.pgpainless.PGPainless; -import pgp.certificate_store.KeyMaterial; -import pgp.certificate_store.KeyReaderBackend; -import pgp.certificate_store.exception.BadDataException; +import pgp.cert_d.BadDataException; +import pgp.certificate.KeyMaterial; +import pgp.certificate.KeyMaterialReaderBackend; import java.io.IOException; import java.io.InputStream; -public class KeyReader implements KeyReaderBackend { +public class KeyMaterialReader implements KeyMaterialReaderBackend { @Override public KeyMaterial read(InputStream data) throws IOException, BadDataException { - final PGPKeyRing keyRing = PGPainless.readKeyRing().keyRing(data); - if (keyRing instanceof PGPPublicKeyRing) { - return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) keyRing); - } else if (keyRing instanceof PGPSecretKeyRing) { - return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) keyRing); + PGPKeyRing keyMaterial = PGPainless.readKeyRing().keyRing(data); + if (keyMaterial instanceof PGPSecretKeyRing) { + return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) keyMaterial); + } else if (keyMaterial instanceof PGPPublicKeyRing) { + return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) keyMaterial); } else { throw new BadDataException(); } diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java new file mode 100644 index 0000000..8dcb1ba --- /dev/null +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java @@ -0,0 +1,36 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.certificate_store; + +import pgp.cert_d.BaseDirectoryProvider; +import pgp.cert_d.FileBasedCertificateDirectoryBackend; +import pgp.cert_d.InMemoryCertificateDirectoryBackend; +import pgp.cert_d.NotAStoreException; +import pgp.cert_d.PGPCertificateDirectory; + +import java.io.File; + +public class PGPainlessCertD extends PGPCertificateDirectory { + + private static final KeyMaterialReader keyMaterialReader = new KeyMaterialReader(); + + public PGPainlessCertD(Backend backend) { + super(backend); + } + + public static PGPainlessCertD inMemory() { + Backend backend = new InMemoryCertificateDirectoryBackend(keyMaterialReader); + return new PGPainlessCertD(backend); + } + + public static PGPainlessCertD fileBased() throws NotAStoreException { + return fileBased(BaseDirectoryProvider.getDefaultBaseDir()); + } + + public static PGPainlessCertD fileBased(File baseDirectory) throws NotAStoreException { + Backend backend = new FileBasedCertificateDirectoryBackend(baseDirectory, keyMaterialReader); + return new PGPainlessCertD(backend); + } +} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java deleted file mode 100644 index 968485b..0000000 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java +++ /dev/null @@ -1,145 +0,0 @@ -// SPDX-FileCopyrightText: 2022 Paul Schaub -// -// SPDX-License-Identifier: Apache-2.0 - -package org.pgpainless.certificate_store; - -import java.io.IOException; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import pgp.cert_d.SharedPGPCertificateDirectory; -import pgp.cert_d.SpecialNames; -import pgp.certificate_store.Certificate; -import pgp.certificate_store.CertificateDirectory; -import pgp.certificate_store.CertificateMerger; -import pgp.certificate_store.CertificateStore; -import pgp.certificate_store.Key; -import pgp.certificate_store.KeyMerger; -import pgp.certificate_store.SubkeyLookup; -import pgp.certificate_store.exception.BadDataException; -import pgp.certificate_store.exception.BadNameException; - -/** - * Adapter class used to adapt the {@link SharedPGPCertificateDirectory} for use with - * {@link CertificateDirectory}. - */ -public class SharedPGPCertificateDirectoryAdapter - implements CertificateStore { - - private final SharedPGPCertificateDirectory directory; - private final SubkeyLookup subkeyLookup; - - /** - * Create an adapter to use {@link SharedPGPCertificateDirectory} objects as {@link CertificateDirectory CertificateStores}. - * - * @param directory directory instance - */ - public SharedPGPCertificateDirectoryAdapter(SharedPGPCertificateDirectory directory, SubkeyLookup subkeyLookup) { - this.directory = directory; - this.subkeyLookup = subkeyLookup; - } - - @Override - public Certificate getCertificate(String identifier) - throws IOException, BadDataException, BadNameException { - String specialName = SpecialNames.lookupSpecialName(identifier); - if (specialName != null) { - return directory.getBySpecialName(specialName); - } - - return directory.getByFingerprint(identifier.toLowerCase()); - - } - - @Override - public Certificate getCertificateIfChanged(String identifier, String tag) - throws IOException, BadDataException, BadNameException { - String specialName = SpecialNames.lookupSpecialName(identifier); - if (specialName != null) { - return directory.getBySpecialNameIfChanged(specialName, tag); - } - - return directory.getByFingerprintIfChanged(identifier.toLowerCase(), tag); - - } - - @Override - public Certificate insertCertificate(InputStream data, CertificateMerger merge) - throws IOException, InterruptedException, BadDataException { - Certificate certificate = directory.insert(data, merge); - storeIdentifierForSubkeys(certificate); - return certificate; - } - - @Override - public Certificate tryInsertCertificate(InputStream data, CertificateMerger merge) - throws IOException, BadDataException { - Certificate certificate = directory.tryInsert(data, merge); - storeIdentifierForSubkeys(certificate); - return certificate; - } - - @Override - public Certificate insertCertificateBySpecialName(String specialName, InputStream data, CertificateMerger merge) - throws IOException, InterruptedException, BadDataException, BadNameException { - return directory.insertWithSpecialName(specialName, data, merge); - } - - @Override - public Certificate tryInsertCertificateBySpecialName(String specialName, InputStream data, CertificateMerger merge) - throws IOException, BadDataException, BadNameException { - return directory.tryInsertWithSpecialName(specialName, data, merge); - } - - @Override - public Iterator getCertificates() { - return directory.items(); - } - - @Override - public Iterator getFingerprints() { - return directory.fingerprints(); - } - - private void storeIdentifierForSubkeys(Certificate certificate) throws IOException { - if (certificate == null) { - return; - } - String fingerprint = certificate.getFingerprint(); - storeCertificateSubkeyIds(fingerprint, new ArrayList<>(certificate.getSubkeyIds())); - } - - @Override - public Set getCertificateFingerprintsForSubkeyId(long subkeyId) throws IOException { - return subkeyLookup.getCertificateFingerprintsForSubkeyId(subkeyId); - } - - @Override - public void storeCertificateSubkeyIds(String certificate, List subkeyIds) throws IOException { - subkeyLookup.storeCertificateSubkeyIds(certificate, subkeyIds); - } - - @Override - public Key getTrustRoot() throws IOException, BadDataException { - return directory.getTrustRoot(); - } - - @Override - public Key getTrustRootIfChanged(String tag) throws IOException, BadDataException { - return directory.getTrustRootIfChanged(tag); - } - - @Override - public Key insertTrustRoot(InputStream data, KeyMerger keyMerger) throws IOException, InterruptedException, BadDataException { - return directory.insertTrustRoot(data, keyMerger); - } - - @Override - public Key tryInsertTrustRoot(InputStream data, KeyMerger keyMerger) throws IOException, BadDataException { - return directory.tryInsertTrustRoot(data, keyMerger); - } -} diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java deleted file mode 100644 index 5a42690..0000000 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java +++ /dev/null @@ -1,230 +0,0 @@ -// SPDX-FileCopyrightText: 2022 Paul Schaub -// -// SPDX-License-Identifier: Apache-2.0 - -package org.pgpainless.cert_d; - -import static org.junit.jupiter.api.Assertions.assertArrayEquals; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertNull; -import static org.junit.jupiter.api.Assertions.assertThrows; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.IOException; -import java.nio.file.Files; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -import org.bouncycastle.util.encoders.Hex; -import org.bouncycastle.util.io.Streams; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.pgpainless.certificate_store.KeyReader; -import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; -import pgp.cert_d.InMemorySubkeyLookup; -import pgp.cert_d.SharedPGPCertificateDirectoryImpl; -import pgp.certificate_store.CertificateStore; -import pgp.certificate_store.exception.BadDataException; -import pgp.certificate_store.exception.BadNameException; -import pgp.certificate_store.exception.NotAStoreException; -import pgp.certificate_store.Certificate; - -public class SharedPGPCertificateDirectoryAdapterTest { - - private static final String testCertificate = "98330462069cc616092b06010401da470f010107400db5906b09f701ab1f7f96087eedab6ba44c02fcbd2470137cfeacac5a2d032db405416c696365888f0413160a0041050262069cc609906f054e826378552516a104505b134a7e62f0f154ec3d036f054e8263785525029e01029b01059602030100048b09080705950a09080b0299010000a12600fd117925c0f2192ef5b2a44e3d3038e2a7ce5ba0343fc2dfb661a3a46d1276fb380100bf2872e7e36b63f61ae3556464c4a04344e7d36e0d7313e623effb0290ce0b0fb8380462069cc6120a2b06010401975501050101074034ffd523242385fe92034a5e326a82f4edff614516cc1028ca91fb653557f25b0301080788750418160a001d050262069cc6029e01029b0c059602030100048b09080705950a09080b000a09106f054e8263785525391400ff4eb85df8ddfc15e94c9cf28bc0aa9d0426b571ca64c5421be5889d5410d8632f00fd1ac5e9aed683e711282489d8980222d2ceff15c5ce0499fcb36716d850749406b8330462069cc616092b06010401da470f0101074058f296fb7ce456039856144db677f14018963a8bfd281c84aaeebe7e14df8f1c88d50418160a007d050262069cc6029e01029b02059602030100048b09080705950a09080b5f200419160a0006050262069cc6000a09108119c86e0a4c6dc73a7600ff5e25427da84d824cc3f8890bc6bd037f423f610006e1249b1aad3d7f70ac47a100fc08e67a6a945c1feec301df9dc27e7ea4e61d107d0720e814eea1dc4f1da20a08000a09106f054e8263785525359700ff4ce78cf267c261468322de906118d4f003ceefa72fa3b86119e26f99be3727fc00fe3895207c4aac814549f0189d2f494f5b1fcee7f6da344e63a0c32743b216b406"; - private static final String testCertFingerprint = "505b134a7e62f0f154ec3d036f054e8263785525"; - private static final long testCertificateSubkey1 = 7999886635015099685L; - private static final long testCertificateSubkey2 = -5375724347241457298L; - private static final long testCertificateSubkey3 = -9144057193454342713L; - - private SharedPGPCertificateDirectoryAdapter adapter; - private CertificateStore store; - - @BeforeEach - public void setupInstance() throws IOException, NotAStoreException { - adapter = new SharedPGPCertificateDirectoryAdapter( - new SharedPGPCertificateDirectoryImpl(tempDir(), new KeyReader()), - new InMemorySubkeyLookup()); - store = adapter; - } - - private static File tempDir() throws IOException { - File tempDir = Files.createTempDirectory("pgp.cert.d-").toFile(); - tempDir.deleteOnExit(); - return tempDir; - } - - @Test - public void getNonExistentCertIsNull() throws IOException, BadDataException, BadNameException { - assertNull(store.getCertificate("eb85bb5fa33a75e15e944e63f231550c4f47e38e")); - } - - @Test - public void getInvalidIdentifierThrows() { - assertThrows(BadNameException.class, () -> store.getCertificate("invalid")); - } - - @Test - public void insertAndGet() throws IOException, InterruptedException, BadDataException, BadNameException { - byte[] bytes = Hex.decode(testCertificate); - ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); - String fingerprint = testCertFingerprint; - - Certificate certificate = store.insertCertificate(byteIn, (data, existing) -> data); - - assertEquals(fingerprint, certificate.getFingerprint()); - Set expectedSubkeys = new HashSet<>(Arrays.asList(testCertificateSubkey1, testCertificateSubkey2, testCertificateSubkey3)); - Set subkeys = certificate.getSubkeyIds(); - assertEquals(expectedSubkeys, subkeys); - for (long subkey : subkeys) { - assertEquals(Collections.singleton(fingerprint), store.getCertificateFingerprintsForSubkeyId(subkey)); - } - - Certificate retrieved = store.getCertificate(fingerprint); - assertNotNull(retrieved); - ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream(); - Streams.pipeAll(retrieved.getInputStream(), retrievedOut); - - assertArrayEquals(bytes, retrievedOut.toByteArray()); - } - - - @Test - public void tryInsertAndGet() throws IOException, BadDataException, BadNameException { - byte[] bytes = Hex.decode(testCertificate); - ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); - String fingerprint = testCertFingerprint; - - Certificate certificate = store.tryInsertCertificate(byteIn, (data, existing) -> data); - - assertEquals(fingerprint, certificate.getFingerprint()); - Set subkeys = certificate.getSubkeyIds(); - assertEquals(3, subkeys.size()); - for (long subkey : subkeys) { - assertEquals(Collections.singleton(fingerprint), store.getCertificateFingerprintsForSubkeyId(subkey)); - } - - Certificate retrieved = store.getCertificate(fingerprint); - assertNotNull(retrieved); - ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream(); - Streams.pipeAll(retrieved.getInputStream(), retrievedOut); - - assertArrayEquals(bytes, retrievedOut.toByteArray()); - } - - - @Test - public void insertAndGetIfChanged() throws IOException, InterruptedException, BadDataException, BadNameException { - byte[] bytes = Hex.decode(testCertificate); - ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); - String fingerprint = testCertFingerprint; - - Certificate certificate = store.insertCertificate(byteIn, (data, existing) -> data); - String tag = certificate.getTag(); - - assertNull(store.getCertificateIfChanged(fingerprint, tag)); - assertNotNull(store.getCertificateIfChanged(fingerprint, "invalid")); - } - - @Test - public void insertBySpecialNameAndGet() throws IOException, InterruptedException, BadDataException, BadNameException { - byte[] bytes = Hex.decode(testCertificate); - ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); - String fingerprint = testCertFingerprint; - String identifier = "trust-root"; - - Certificate certificate = store.insertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data); - - assertEquals(fingerprint, certificate.getFingerprint()); - - Certificate retrieved = store.getCertificate(identifier); - assertNotNull(retrieved); - ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream(); - Streams.pipeAll(retrieved.getInputStream(), retrievedOut); - - assertArrayEquals(bytes, retrievedOut.toByteArray()); - } - - @Test - public void tryInsertBySpecialNameAndGet() throws IOException, BadDataException, BadNameException { - byte[] bytes = Hex.decode(testCertificate); - ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); - String fingerprint = testCertFingerprint; - String identifier = "trust-root"; - - Certificate certificate = store.tryInsertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data); - - assertEquals(fingerprint, certificate.getFingerprint()); - - Certificate retrieved = store.getCertificate(identifier); - assertNotNull(retrieved); - ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream(); - Streams.pipeAll(retrieved.getInputStream(), retrievedOut); - - assertArrayEquals(bytes, retrievedOut.toByteArray()); - } - - @Test - public void insertBySpecialNameAndGetIfChanged() throws IOException, InterruptedException, BadDataException, BadNameException { - byte[] bytes = Hex.decode(testCertificate); - ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); - String fingerprint = testCertFingerprint; - String identifier = "trust-root"; - - Certificate certificate = store.insertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data); - String tag = certificate.getTag(); - - certificate = store.getCertificateIfChanged(identifier, tag); - assertNull(certificate); - certificate = store.getCertificateIfChanged(identifier, "invalid"); - assertNotNull(certificate); - assertEquals(fingerprint, certificate.getFingerprint()); - } - - @Test - public void getItemsAndFingerprints() throws IOException, InterruptedException, BadDataException, BadNameException { - byte[] bytes1 = Hex.decode(testCertificate); - ByteArrayInputStream byteIn1 = new ByteArrayInputStream(bytes1); - Certificate firstCert = store.insertCertificate(byteIn1, (data, existing) -> data); - - byte[] bytes2 = Hex.decode("9833046206a37516092b06010401da470f010107409f55baab1599044096ba901d69854cf5307b84b0542871b15db3dd4c62664f37b403426f62888f0413160a004105026206a3750990ba01b5a9eea7e76716a104f1d47fb85ad74549a37974f3ba01b5a9eea7e767029e01029b01059602030100048b09080705950a09080b0299010000e6170100e08374a6fd32d0b4be2d3f7c75d3f6c13cb47b1b73589aa452a1b2a16b888b5000fe274e6565ab9faa34338cf4d805663f8775fdee4ec6a0fdf1ec2cf84b72907f05b838046206a375120a2b0601040197550105010107405641e74d2dda92003ce200422c3ab6f3562fc49a8ecc67ea02593988442b23780301080788750418160a001d05026206a375029e01029b0c059602030100048b09080705950a09080b000a0910ba01b5a9eea7e76732850100910a6049779773f455226cd91645884842b91017796287a634104ab5364a0c0d00fe20b5febb17de271394f31128f709c307c0bbca4f9502570744bd54e6dc9c2209b833046206a37516092b06010401da470f0101074059f008928cb69b48bed07a639f03f43a48808aade67109cd658f54bddefa5ec288d50418160a007d05026206a375029e01029b02059602030100048b09080705950a09080b5f200419160a000605026206a375000a0910dcdb34f4068368c0dffb010095fb1f6daac239bf3221d9d2ecc81b6cb258c2b058a300a7e103f7f36a58bf1900fe273a9eaaa03b613236df22bebcbbd69d7c02caf1b7af4fa29320c8d96d32310f000a0910ba01b5a9eea7e7671de20100a5044d24a9d860f9af7e8b9a095d4eac8820fad8b045e70be1ae5607fa4d6b4f010097b53d1527f3b3e3d3b78367c8269c999ee37575a51ffc582f73d2cba4df080f"); - ByteArrayInputStream byteIn2 = new ByteArrayInputStream(bytes2); - Certificate secondCert = store.insertCertificate(byteIn2, ((data, existing) -> data)); - - String trustRootHex = "9833046206a57e16092b06010401da470f010107401ad7351d9766843bf11a8414f68790df0649fad8b01c244323f47e4ebc87fc35b40a74727573742d726f6f74888f0413160a004105026206a57f09907c619691ddee5fc216a10489e1e05cb458758d0729eb0c7c619691ddee5fc2029e01029b01059602030100048b09080705950a09080b029901000080c100ff45d97dda133895e337416266f1ff2c38ff3947ecfbfe21328d51bc877ccba367010096698a5fbac9444b7b28b96389c66ca405821f04871f1bbbf5b5bf8b800f9104b838046206a57f120a2b06010401975501050101074074ff41705c50e8f27b18df40a53aded6cacd2ce4f88b471c7130036010ca60240301080788750418160a001d05026206a57f029e01029b0c059602030100048b09080705950a09080b000a09107c619691ddee5fc27b3c0100fba12230adf80a6a7a376b9568481ab4ae86628274db67412074cb4a846011a200ff437e4047bbafec42b41594b296f8be93fc03482b2d35ac92e87ce632b86bc900b833046206a57f16092b06010401da470f01010740ce99f97d1f0b5aa2f4e6f2a7a2aa231da8c2a2f489a593b747983a750f3928ae88d50418160a007d05026206a57f029e01029b02059602030100048b09080705950a09080b5f200419160a000605026206a57f000a0910b905cb706dec67e3f6050100a7ae51ea07f3d0d493fd1fdfbcbbe112c19de8dbbd29e03ba5e755345444402300fe2663252eeca21772012c5dc4eb9efa4e01566dffbb44e7d1536181eb3f8b420e000a09107c619691ddee5fc2a4190100fdbedf9defd5d30bad77937a5589441ef336028613a6fcfc4a959bee51de134e00fd128628567b66fa03ef099d6936324f7593e2060608b433828d336dda552e2c04"; - byte[] trustRootBytes = Hex.decode(trustRootHex); - ByteArrayInputStream trustRootIn = new ByteArrayInputStream(trustRootBytes); - Certificate trustRoot = store.insertCertificateBySpecialName("trust-root", trustRootIn, (data, existing) -> data); - - Set expectedFingerprints = new HashSet<>(); - expectedFingerprints.add(firstCert.getFingerprint()); - expectedFingerprints.add(secondCert.getFingerprint()); - - Iterator certificateIterator = store.getCertificates(); - Set actualFingerprints = new HashSet<>(); - Certificate c = certificateIterator.next(); - actualFingerprints.add(c.getFingerprint()); - c = certificateIterator.next(); - actualFingerprints.add(c.getFingerprint()); - assertFalse(certificateIterator.hasNext()); - - assertEquals(expectedFingerprints, actualFingerprints); - assertFalse(actualFingerprints.contains(trustRoot.getFingerprint())); - - Iterator fingerprintIterator = store.getFingerprints(); - actualFingerprints = new HashSet<>(); - actualFingerprints.add(fingerprintIterator.next()); - actualFingerprints.add(fingerprintIterator.next()); - assertFalse(fingerprintIterator.hasNext()); - - assertEquals(expectedFingerprints, actualFingerprints); - assertFalse(actualFingerprints.contains(trustRoot.getFingerprint())); - } -} diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java index d6a4902..6d3fb26 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java @@ -8,7 +8,6 @@ import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; -import static org.junit.jupiter.api.Assumptions.assumeTrue; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -32,36 +31,30 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.KeyFlag; -import org.pgpainless.certificate_store.KeyReader; +import org.pgpainless.certificate_store.PGPainlessCertD; import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.eddsa.EdDSACurve; -import pgp.cert_d.CachingSharedPGPCertificateDirectoryWrapper; -import pgp.cert_d.FileLockingMechanism; -import pgp.cert_d.SharedPGPCertificateDirectory; -import pgp.cert_d.SharedPGPCertificateDirectoryImpl; -import pgp.certificate_store.CertificateMerger; -import pgp.certificate_store.exception.BadDataException; -import pgp.certificate_store.exception.BadNameException; -import pgp.certificate_store.exception.NotAStoreException; -import pgp.certificate_store.Certificate; +import pgp.cert_d.BadDataException; +import pgp.cert_d.BadNameException; +import pgp.cert_d.NotAStoreException; +import pgp.certificate.Certificate; +import pgp.certificate.KeyMaterial; +import pgp.certificate.KeyMaterialMerger; public class SharedPGPCertificateDirectoryTest { - private static CertificateMerger dummyMerge = new CertificateMerger() { + private static KeyMaterialMerger dummyMerge = new KeyMaterialMerger() { @Override - public Certificate merge(Certificate data, Certificate existing) { + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { return data; } }; - private static Stream provideTestSubjects() throws IOException, NotAStoreException { + private static Stream provideTestSubjects() throws IOException, NotAStoreException { return Stream.of( - new SharedPGPCertificateDirectoryImpl(tempDir(), new KeyReader()), - new CachingSharedPGPCertificateDirectoryWrapper( - new SharedPGPCertificateDirectoryImpl(tempDir(), new KeyReader())) - ); + PGPainlessCertD.fileBased(tempDir())); } private static File tempDir() throws IOException { @@ -72,7 +65,7 @@ public class SharedPGPCertificateDirectoryTest { @ParameterizedTest @MethodSource("provideTestSubjects") - public void simpleInsertGet(SharedPGPCertificateDirectory directory) + public void simpleInsertGet(PGPainlessCertD directory) throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, BadDataException, InterruptedException, BadNameException { PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice"); @@ -87,10 +80,6 @@ public class SharedPGPCertificateDirectoryTest { Certificate certificate = directory.insert(certIn, dummyMerge); assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint()); - // getIfChanged - assertNull(directory.getByFingerprintIfChanged(certificate.getFingerprint(), certificate.getTag())); - assertNotNull(directory.getByFingerprintIfChanged(certificate.getFingerprint(), "invalidTag")); - // tryInsert certIn = new ByteArrayInputStream(cert.getEncoded()); assertNotNull(directory.tryInsert(certIn, dummyMerge)); @@ -98,7 +87,7 @@ public class SharedPGPCertificateDirectoryTest { @ParameterizedTest @MethodSource("provideTestSubjects") - public void simpleInsertGetBySpecialName(SharedPGPCertificateDirectory directory) + public void simpleInsertGetBySpecialName(PGPainlessCertD directory) throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, BadDataException, InterruptedException, BadNameException { PGPSecretKeyRing key = PGPainless.buildKeyRing() @@ -116,10 +105,6 @@ public class SharedPGPCertificateDirectoryTest { Certificate certificate = directory.insertWithSpecialName("trust-root", certIn, dummyMerge); assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint()); - // getIfChanged - assertNull(directory.getBySpecialNameIfChanged("trust-root", certificate.getTag())); - assertNotNull(directory.getBySpecialNameIfChanged("trust-root", "invalidTag")); - // tryInsert certIn = new ByteArrayInputStream(trustRoot.getEncoded()); assertNotNull(directory.tryInsertWithSpecialName("trust-root", certIn, dummyMerge)); @@ -127,25 +112,7 @@ public class SharedPGPCertificateDirectoryTest { @ParameterizedTest @MethodSource("provideTestSubjects") - public void tryInsertFailsWithLockedStore(SharedPGPCertificateDirectory directory) - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, - BadDataException, InterruptedException { - assumeTrue(directory.getLock() instanceof FileLockingMechanism); - - PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice"); - PGPPublicKeyRing cert = PGPainless.extractCertificate(key); - ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); - - directory.getLock().lockDirectory(); - assertNull(directory.tryInsert(certIn, dummyMerge)); - - directory.getLock().releaseDirectory(); - assertNotNull(directory.tryInsert(certIn, dummyMerge)); - } - - @ParameterizedTest - @MethodSource("provideTestSubjects") - public void testGetItemsAndFingerprints(SharedPGPCertificateDirectory directory) + public void testGetItemsAndFingerprints(PGPainlessCertD directory) throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, BadDataException, InterruptedException, BadNameException { From 8b853267ff553e8ea4505e8c8576e848c177793a Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 9 Aug 2022 18:40:28 +0200 Subject: [PATCH 37/63] Fix get command to also be able to get by special name --- .../java/pgp/cert_d/cli/commands/Get.java | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index c5ce49b..94d907d 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -4,17 +4,18 @@ package pgp.cert_d.cli.commands; -import java.io.IOException; - import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import pgp.cert_d.BadDataException; import pgp.cert_d.BadNameException; +import pgp.cert_d.SpecialNames; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.Certificate; +import pgp.certificate.KeyMaterial; import picocli.CommandLine; +import java.io.IOException; + @CommandLine.Command(name = "get", resourceBundle = "msg_get") public class Get implements Runnable { @@ -30,12 +31,16 @@ public class Get implements Runnable { @Override public void run() { try { - Certificate certificate = PGPCertDCli.getCertificateDirectory() - .getByFingerprint(identifer); - if (certificate == null) { + KeyMaterial record; + if (SpecialNames.lookupSpecialName(identifer) != null) { + record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifer); + } else { + record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer); + } + if (record == null) { return; } - Streams.pipeAll(certificate.getInputStream(), System.out); + Streams.pipeAll(record.getInputStream(), System.out); } catch (IOException e) { LOGGER.error("IO Error", e); System.exit(-1); From cd0150c4d96135cce7fbd7e8e26d870bca6f4ae7 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 11 Aug 2022 22:12:52 +0200 Subject: [PATCH 38/63] Once again adopt changes from cert-d-java --- .../src/main/java/pgp/cert_d/cli/PGPCertDCli.java | 2 +- .../src/main/java/pgp/cert_d/cli/commands/Get.java | 4 ++-- .../src/main/java/pgp/cert_d/cli/commands/Import.java | 2 +- .../src/main/java/pgp/cert_d/cli/commands/Insert.java | 2 +- .../src/main/java/pgp/cert_d/cli/commands/Setup.java | 2 +- .../org/pgpainless/certificate_store/KeyMaterialReader.java | 2 +- .../org/pgpainless/certificate_store/PGPainlessCertD.java | 6 +++--- .../cert_d/SharedPGPCertificateDirectoryTest.java | 6 +++--- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index cb44fdd..ff36878 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -6,7 +6,7 @@ package pgp.cert_d.cli; import org.pgpainless.certificate_store.PGPainlessCertD; import pgp.cert_d.BaseDirectoryProvider; -import pgp.cert_d.NotAStoreException; +import pgp.cert_d.exception.NotAStoreException; import pgp.cert_d.cli.commands.Export; import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Insert; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index 94d907d..3f303c7 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -7,8 +7,8 @@ package pgp.cert_d.cli.commands; import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.BadDataException; -import pgp.cert_d.BadNameException; +import pgp.cert_d.exception.BadDataException; +import pgp.cert_d.exception.BadNameException; import pgp.cert_d.SpecialNames; import pgp.cert_d.cli.PGPCertDCli; import pgp.certificate.KeyMaterial; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index d201b84..2f35cc7 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -10,7 +10,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.pgpainless.PGPainless; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.BadDataException; +import pgp.cert_d.exception.BadDataException; import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; import pgp.certificate.Certificate; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index 30020a8..25a2116 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -6,7 +6,7 @@ package pgp.cert_d.cli.commands; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.BadDataException; +import pgp.cert_d.exception.BadDataException; import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; import pgp.certificate.Certificate; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java index e1a4b5e..3f2d2d9 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -15,7 +15,7 @@ import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.util.Passphrase; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.BadDataException; +import pgp.cert_d.exception.BadDataException; import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; import picocli.CommandLine; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java index 7af37f3..b102937 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java @@ -8,7 +8,7 @@ import org.bouncycastle.openpgp.PGPKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.pgpainless.PGPainless; -import pgp.cert_d.BadDataException; +import pgp.cert_d.exception.BadDataException; import pgp.certificate.KeyMaterial; import pgp.certificate.KeyMaterialReaderBackend; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java index 8dcb1ba..547e535 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java @@ -5,9 +5,9 @@ package org.pgpainless.certificate_store; import pgp.cert_d.BaseDirectoryProvider; -import pgp.cert_d.FileBasedCertificateDirectoryBackend; -import pgp.cert_d.InMemoryCertificateDirectoryBackend; -import pgp.cert_d.NotAStoreException; +import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend; +import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend; +import pgp.cert_d.exception.NotAStoreException; import pgp.cert_d.PGPCertificateDirectory; import java.io.File; diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java index 6d3fb26..69386bc 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java @@ -36,9 +36,9 @@ import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.eddsa.EdDSACurve; -import pgp.cert_d.BadDataException; -import pgp.cert_d.BadNameException; -import pgp.cert_d.NotAStoreException; +import pgp.cert_d.exception.BadDataException; +import pgp.cert_d.exception.BadNameException; +import pgp.cert_d.exception.NotAStoreException; import pgp.certificate.Certificate; import pgp.certificate.KeyMaterial; import pgp.certificate.KeyMaterialMerger; From 7a02ec865bfbf50cc4c7731b78fc7c1225d5f311 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 12 Aug 2022 15:04:54 +0200 Subject: [PATCH 39/63] Implement List command, adapt changes from cert-d-java --- .../java/pgp/cert_d/cli/MergeCallbacks.java | 4 +- .../main/java/pgp/cert_d/cli/PGPCertDCli.java | 9 ++- .../java/pgp/cert_d/cli/commands/Export.java | 2 +- .../java/pgp/cert_d/cli/commands/Find.java | 57 +++++++++++++++++++ .../java/pgp/cert_d/cli/commands/Get.java | 22 +++++-- .../java/pgp/cert_d/cli/commands/Import.java | 4 +- .../java/pgp/cert_d/cli/commands/Insert.java | 4 +- .../java/pgp/cert_d/cli/commands/List.java | 2 +- .../java/pgp/cert_d/cli/commands/Setup.java | 2 +- .../src/main/resources/msg_export.properties | 1 + .../main/resources/msg_export_de.properties | 1 + .../src/main/resources/msg_find.properties | 11 ++++ .../src/main/resources/msg_find_de.properties | 11 ++++ .../src/main/resources/msg_get.properties | 1 + .../src/main/resources/msg_get_de.properties | 1 + pgpainless-cert-d/build.gradle | 1 + .../certificate_store/CertificateFactory.java | 10 ++-- .../certificate_store/KeyFactory.java | 8 +-- .../certificate_store/KeyMaterialReader.java | 6 +- .../certificate_store/PGPainlessCertD.java | 23 +++++--- .../SharedPGPCertificateDirectoryTest.java | 15 ++--- 21 files changed, 151 insertions(+), 44 deletions(-) create mode 100644 pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_find.properties create mode 100644 pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java index aba0342..014f7b2 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java @@ -10,8 +10,8 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.pgpainless.PGPainless; import org.pgpainless.certificate_store.CertificateFactory; import org.pgpainless.key.OpenPgpFingerprint; -import pgp.certificate.KeyMaterial; -import pgp.certificate.KeyMaterialMerger; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.certificate.KeyMaterialMerger; import java.io.IOException; import java.util.Iterator; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index ff36878..501d6ca 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -6,13 +6,15 @@ package pgp.cert_d.cli; import org.pgpainless.certificate_store.PGPainlessCertD; import pgp.cert_d.BaseDirectoryProvider; -import pgp.cert_d.exception.NotAStoreException; import pgp.cert_d.cli.commands.Export; +import pgp.cert_d.cli.commands.Find; import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Insert; import pgp.cert_d.cli.commands.Import; import pgp.cert_d.cli.commands.List; import pgp.cert_d.cli.commands.Setup; +import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookupFactory; +import pgp.certificate_store.exception.NotAStoreException; import picocli.CommandLine; import java.io.File; @@ -28,7 +30,8 @@ import java.sql.SQLException; Import.class, Get.class, Setup.class, - List.class + List.class, + Find.class } ) public class PGPCertDCli { @@ -53,7 +56,7 @@ public class PGPCertDCli { baseDirectory = BaseDirectoryProvider.getDefaultBaseDir(); } - PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory); + PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory, new DatabaseSubkeyLookupFactory()); } public static void main(String[] args) { diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java index 7e06e58..4bfc24f 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java @@ -9,7 +9,7 @@ import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; import picocli.CommandLine; import java.io.IOException; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java new file mode 100644 index 0000000..445a347 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java @@ -0,0 +1,57 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import org.pgpainless.key.OpenPgpFingerprint; +import pgp.cert_d.cli.PGPCertDCli; +import picocli.CommandLine; + +import java.io.IOException; +import java.math.BigInteger; +import java.util.Set; +import java.util.regex.Pattern; + +@CommandLine.Command(name = "find", + resourceBundle = "msg_find") +public class Find implements Runnable { + + private static final Pattern LONG_KEY_ID = Pattern.compile("^[0-9A-Fa-f]{16}$"); + + @CommandLine.Parameters( + paramLabel = "IDENTIFIER", + arity = "1") + String identifier; + + @Override + public void run() { + if (identifier == null) { + throw new IllegalArgumentException("No subkey ID provided."); + } + identifier = identifier.trim(); + long subkeyId = 0; + try { + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.parse(identifier); + subkeyId = fingerprint.getKeyId(); + } catch (IllegalArgumentException e) { + if (!LONG_KEY_ID.matcher(identifier).matches()) { + throw new IllegalArgumentException("Provided long key-id does not match expected format. " + + "A long key-id consists of 16 hexadecimal characters."); + } + subkeyId = new BigInteger(identifier, 16).longValue(); + } + + try { + Set fingerprints = PGPCertDCli.getCertificateDirectory() + .getCertificateFingerprintsForSubkeyId(subkeyId); + for (String fingerprint : fingerprints) { + // CHECKSTYLE:OFF + System.out.println(fingerprint); + // CHECKSTYLE:ON + } + } catch (IOException e) { + throw new RuntimeException(e); + } + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index 3f303c7..96c2b76 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -4,14 +4,15 @@ package pgp.cert_d.cli.commands; +import org.bouncycastle.bcpg.ArmoredOutputStream; import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.exception.BadDataException; -import pgp.cert_d.exception.BadNameException; import pgp.cert_d.SpecialNames; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.KeyMaterial; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.exception.BadDataException; +import pgp.certificate_store.exception.BadNameException; import picocli.CommandLine; import java.io.IOException; @@ -22,6 +23,9 @@ public class Get implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); + @CommandLine.Option(names = {"-a", "--armor"}) + boolean armor = false; + @CommandLine.Parameters( paramLabel = "IDENTIFIER", arity = "1" @@ -35,12 +39,20 @@ public class Get implements Runnable { if (SpecialNames.lookupSpecialName(identifer) != null) { record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifer); } else { - record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer); + record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer.toLowerCase()); } if (record == null) { return; } - Streams.pipeAll(record.getInputStream(), System.out); + + if (armor) { + ArmoredOutputStream armorOut = new ArmoredOutputStream(System.out); + Streams.pipeAll(record.getInputStream(), armorOut); + armorOut.close(); + } else { + Streams.pipeAll(record.getInputStream(), System.out); + } + } catch (IOException e) { LOGGER.error("IO Error", e); System.exit(-1); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index 2f35cc7..20b6637 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -10,10 +10,10 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.pgpainless.PGPainless; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.exception.BadDataException; import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; +import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; import java.io.ByteArrayInputStream; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index 25a2116..b73e51a 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -6,10 +6,10 @@ package pgp.cert_d.cli.commands; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.exception.BadDataException; import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; +import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; import java.io.IOException; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java index cedf1ff..2ce37a0 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java @@ -5,7 +5,7 @@ package pgp.cert_d.cli.commands; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; import picocli.CommandLine; import java.util.Iterator; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java index 3f2d2d9..bb94de7 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -15,9 +15,9 @@ import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.util.Passphrase; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.exception.BadDataException; import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; import java.io.ByteArrayInputStream; diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_export.properties b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties index 8d6b59a..2798b4f 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_export.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties @@ -2,6 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 usage.header=Export all certificates in the store to Standard Output +armor=Wrap the output in ASCII armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Usage:\u0020 diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties index 2a7a2e1..a078ca4 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties @@ -2,6 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 usage.header=Exportiere alle gespeicherten Zertifikate zur Standardausgabe +armor=Verpacke the Ausgabe in ASCII Armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Aufruf:\u0020 diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_find.properties b/pgpainless-cert-d-cli/src/main/resources/msg_find.properties new file mode 100644 index 0000000..d2dd833 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_find.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Lookup primary certificate fingerprints by subkey ids or fingerprints + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Usage:\u0020 +usage.commandListHeading = %nCommands:%n +usage.optionListHeading = %nOptions:%n +usage.footerHeading=Powered by picocli%n +store=Overwrite the default certificate directory path diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties new file mode 100644 index 0000000..9fe69df --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Schlage primäre Fingerabdrücke von Zertifikaten per ID oder Fingerabdruck von Unterschlüsseln nach + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Aufruf:\u0020 +usage.commandListHeading=%nBefehle:%n +usage.optionListHeading = %nOptionen:%n +usage.footerHeading=Powered by Picocli%n +store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_get.properties b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties index 5e04944..a031d99 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_get.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties @@ -3,6 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 usage.header=Retrieve certificates from the store IDENTIFIER[0]=Certificate identifier (fingerprint or special name) +armor=Wrap the output in ASCII armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Usage:\u0020 diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties index 36fd12b..b0f82b1 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties @@ -3,6 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 usage.header=Frage Zertifikate aus dem Speicher ab IDENTIFIER[0]=Zertifikatskennung (Fingerabdruck oder Spezialname) +armor=Verpacke the Ausgabe in ASCII Armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Aufruf:\u0020 diff --git a/pgpainless-cert-d/build.gradle b/pgpainless-cert-d/build.gradle index bba6ebf..ed891ec 100644 --- a/pgpainless-cert-d/build.gradle +++ b/pgpainless-cert-d/build.gradle @@ -34,6 +34,7 @@ dependencies { // pgp.cert.d api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion" + api "org.pgpainless:pgp-certificate-store:$pgpCertDJavaVersion" } animalsniffer { diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java index 1757491..8fe8919 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java @@ -8,16 +8,16 @@ import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.util.encoders.Base64; import org.pgpainless.key.OpenPgpFingerprint; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.util.HashSet; +import java.util.ArrayList; import java.util.Iterator; -import java.util.Set; +import java.util.List; public class CertificateFactory { @@ -46,8 +46,8 @@ public class CertificateFactory { } @Override - public Set getSubkeyIds() throws IOException { - Set keyIds = new HashSet<>(); + public List getSubkeyIds() throws IOException { + List keyIds = new ArrayList<>(); Iterator keys = publicKeyRing.getPublicKeys(); while (keys.hasNext()) { keyIds.add(keys.next().getKeyID()); diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java index d71777b..18cc66e 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java @@ -8,15 +8,15 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.util.encoders.Base64; import org.pgpainless.PGPainless; -import pgp.certificate.Certificate; -import pgp.certificate.Key; +import pgp.certificate_store.certificate.Certificate; +import pgp.certificate_store.certificate.Key; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.util.Set; +import java.util.List; public class KeyFactory { @@ -52,7 +52,7 @@ public class KeyFactory { } @Override - public Set getSubkeyIds() throws IOException { + public List getSubkeyIds() throws IOException { return getCertificate().getSubkeyIds(); } }; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java index b102937..34ef5a5 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java @@ -8,9 +8,9 @@ import org.bouncycastle.openpgp.PGPKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.pgpainless.PGPainless; -import pgp.cert_d.exception.BadDataException; -import pgp.certificate.KeyMaterial; -import pgp.certificate.KeyMaterialReaderBackend; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.certificate.KeyMaterialReaderBackend; +import pgp.certificate_store.exception.BadDataException; import java.io.IOException; import java.io.InputStream; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java index 547e535..a322301 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java @@ -7,8 +7,11 @@ package org.pgpainless.certificate_store; import pgp.cert_d.BaseDirectoryProvider; import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend; import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend; -import pgp.cert_d.exception.NotAStoreException; import pgp.cert_d.PGPCertificateDirectory; +import pgp.cert_d.subkey_lookup.InMemorySubkeyLookup; +import pgp.cert_d.subkey_lookup.SubkeyLookup; +import pgp.cert_d.subkey_lookup.SubkeyLookupFactory; +import pgp.certificate_store.exception.NotAStoreException; import java.io.File; @@ -16,21 +19,25 @@ public class PGPainlessCertD extends PGPCertificateDirectory { private static final KeyMaterialReader keyMaterialReader = new KeyMaterialReader(); - public PGPainlessCertD(Backend backend) { - super(backend); + public PGPainlessCertD(Backend backend, SubkeyLookup subkeyLookup) { + super(backend, subkeyLookup); } public static PGPainlessCertD inMemory() { Backend backend = new InMemoryCertificateDirectoryBackend(keyMaterialReader); - return new PGPainlessCertD(backend); + SubkeyLookup subkeyLookup = new InMemorySubkeyLookup(); + return new PGPainlessCertD(backend, subkeyLookup); } - public static PGPainlessCertD fileBased() throws NotAStoreException { - return fileBased(BaseDirectoryProvider.getDefaultBaseDir()); + public static PGPainlessCertD fileBased(SubkeyLookupFactory subkeyLookupFactory) + throws NotAStoreException { + return fileBased(BaseDirectoryProvider.getDefaultBaseDir(), subkeyLookupFactory); } - public static PGPainlessCertD fileBased(File baseDirectory) throws NotAStoreException { + public static PGPainlessCertD fileBased(File baseDirectory, SubkeyLookupFactory subkeyLookupFactory) + throws NotAStoreException { Backend backend = new FileBasedCertificateDirectoryBackend(baseDirectory, keyMaterialReader); - return new PGPainlessCertD(backend); + SubkeyLookup subkeyLookup = subkeyLookupFactory.createFileBasedInstance(baseDirectory); + return new PGPainlessCertD(backend, subkeyLookup); } } diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java index 69386bc..7b2521b 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java @@ -36,12 +36,13 @@ import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.eddsa.EdDSACurve; -import pgp.cert_d.exception.BadDataException; -import pgp.cert_d.exception.BadNameException; -import pgp.cert_d.exception.NotAStoreException; -import pgp.certificate.Certificate; -import pgp.certificate.KeyMaterial; -import pgp.certificate.KeyMaterialMerger; +import pgp.cert_d.subkey_lookup.InMemorySubkeyLookupFactory; +import pgp.certificate_store.certificate.Certificate; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.certificate.KeyMaterialMerger; +import pgp.certificate_store.exception.BadDataException; +import pgp.certificate_store.exception.BadNameException; +import pgp.certificate_store.exception.NotAStoreException; public class SharedPGPCertificateDirectoryTest { @@ -54,7 +55,7 @@ public class SharedPGPCertificateDirectoryTest { private static Stream provideTestSubjects() throws IOException, NotAStoreException { return Stream.of( - PGPainlessCertD.fileBased(tempDir())); + PGPainlessCertD.fileBased(tempDir(), new InMemorySubkeyLookupFactory())); } private static File tempDir() throws IOException { From 7b6162682ec73bcb62906d061e09069cd9d1822f Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 12 Aug 2022 15:43:22 +0200 Subject: [PATCH 40/63] Move and implement key-capable MergeCallbacks --- .../java/pgp/cert_d/cli/commands/Import.java | 2 +- .../java/pgp/cert_d/cli/commands/Insert.java | 2 +- .../java/pgp/cert_d/cli/commands/Setup.java | 2 +- .../certificate_store}/MergeCallbacks.java | 71 ++++++++++++++++--- version.gradle | 2 +- 5 files changed, 65 insertions(+), 14 deletions(-) rename {pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli => pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store}/MergeCallbacks.java (50%) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index 20b6637..d7d29fb 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -10,7 +10,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.pgpainless.PGPainless; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.cli.MergeCallbacks; +import org.pgpainless.certificate_store.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; import pgp.certificate_store.certificate.Certificate; import pgp.certificate_store.exception.BadDataException; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index b73e51a..c88ead0 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -6,7 +6,7 @@ package pgp.cert_d.cli.commands; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.cli.MergeCallbacks; +import org.pgpainless.certificate_store.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; import pgp.certificate_store.certificate.Certificate; import pgp.certificate_store.exception.BadDataException; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java index bb94de7..0178e0a 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -15,7 +15,7 @@ import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.util.Passphrase; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.cli.MergeCallbacks; +import org.pgpainless.certificate_store.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java similarity index 50% rename from pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java rename to pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java index 014f7b2..242ed49 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java @@ -2,18 +2,21 @@ // // SPDX-License-Identifier: Apache-2.0 -package pgp.cert_d.cli; +package org.pgpainless.certificate_store; import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPKeyRing; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.pgpainless.PGPainless; -import org.pgpainless.certificate_store.CertificateFactory; import org.pgpainless.key.OpenPgpFingerprint; import pgp.certificate_store.certificate.KeyMaterial; import pgp.certificate_store.certificate.KeyMaterialMerger; +import pgp.certificate_store.exception.BadDataException; import java.io.IOException; +import java.util.Arrays; import java.util.Iterator; public class MergeCallbacks { @@ -29,20 +32,66 @@ public class MergeCallbacks { @Override public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException { + if (data == null) { + return existing; + } + if (existing == null) { + return data; + } + try { - PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream()); - PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream()); - PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); + PGPKeyRing existingKeyRing = PGPainless.readKeyRing().keyRing(existing.getInputStream()); + PGPKeyRing updatedKeyRing = PGPainless.readKeyRing().keyRing(data.getInputStream()); - printOutDifferences(existingCert, mergedCert); + PGPKeyRing mergedKeyRing; + + if (existingKeyRing instanceof PGPPublicKeyRing) { + PGPPublicKeyRing existingCert = (PGPPublicKeyRing) existingKeyRing; + if (updatedKeyRing instanceof PGPPublicKeyRing) { + mergedKeyRing = PGPPublicKeyRing.join(existingCert, (PGPPublicKeyRing) updatedKeyRing); + } else if (updatedKeyRing instanceof PGPSecretKeyRing) { + PGPPublicKeyRing updatedPublicKeys = PGPainless.extractCertificate((PGPSecretKeyRing) updatedKeyRing); + PGPPublicKeyRing mergedPublicKeys = PGPPublicKeyRing.join(existingCert, updatedPublicKeys); + updatedKeyRing = PGPSecretKeyRing.replacePublicKeys((PGPSecretKeyRing) updatedKeyRing, mergedPublicKeys); + mergedKeyRing = updatedKeyRing; + } else { + throw new IOException(new BadDataException()); + } + } else if (existingKeyRing instanceof PGPSecretKeyRing) { + PGPSecretKeyRing existingKey = (PGPSecretKeyRing) existingKeyRing; + PGPPublicKeyRing existingCert = PGPainless.extractCertificate(existingKey); + if (updatedKeyRing instanceof PGPPublicKeyRing) { + PGPPublicKeyRing updatedCert = (PGPPublicKeyRing) updatedKeyRing; + PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); + mergedKeyRing = PGPSecretKeyRing.replacePublicKeys(existingKey, mergedCert); + } else if (updatedKeyRing instanceof PGPSecretKeyRing) { + PGPSecretKeyRing updatedKey = (PGPSecretKeyRing) updatedKeyRing; + if (!Arrays.equals(existingKey.getEncoded(), updatedKey.getEncoded())) { + // Merging secret keys is not supported. + return existing; + } + mergedKeyRing = existingKeyRing; + } else { + throw new IOException(new BadDataException()); + } + } else { + throw new IOException(new BadDataException()); + } + + printOutDifferences(existingKeyRing, mergedKeyRing); + + if (mergedKeyRing instanceof PGPPublicKeyRing) { + return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing); + } else { + return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing); + } - return CertificateFactory.certificateFromPublicKeyRing(mergedCert); } catch (PGPException e) { throw new RuntimeException(e); } } - private void printOutDifferences(PGPPublicKeyRing existingCert, PGPPublicKeyRing mergedCert) { + private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) { int numSigsBefore = countSigs(existingCert); int numSigsAfter = countSigs(mergedCert); int newSigs = numSigsAfter - numSigsBefore; @@ -74,9 +123,11 @@ public class MergeCallbacks { } } - private int countSigs(PGPPublicKeyRing keys) { + private int countSigs(PGPKeyRing keys) { int numSigs = 0; - for (PGPPublicKey key : keys) { + Iterator iterator = keys.getPublicKeys(); + while (iterator.hasNext()) { + PGPPublicKey key = iterator.next(); numSigs += count(key.getSignatures()); } return numSigs; diff --git a/version.gradle b/version.gradle index 90264e0..45efb59 100644 --- a/version.gradle +++ b/version.gradle @@ -12,7 +12,7 @@ allprojects { logbackVersion = '1.2.11' junitVersion = '5.8.2' mockitoVersion = '4.5.1' - pgpainlessVersion = '1.3.5-SNAPSHOT' + pgpainlessVersion = '1.3.5' pgpCertDJavaVersion = '0.1.2-SNAPSHOT' picocliVersion = '4.6.3' } From 33d93cc39ae4320c5889da03afff68de7bae9ed8 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Wed, 24 Aug 2022 13:24:05 +0200 Subject: [PATCH 41/63] Adopt latest changes from pgp-cert-d and add armor headers for get command --- .../java/pgp/cert_d/cli/commands/Get.java | 6 ++- .../certificate_store/CertificateFactory.java | 48 ++++--------------- .../certificate_store/KeyFactory.java | 47 ++---------------- .../certificate_store/KeyMaterialReader.java | 6 +-- .../certificate_store/MergeCallbacks.java | 4 +- 5 files changed, 25 insertions(+), 86 deletions(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index 96c2b76..9422d2e 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -5,7 +5,10 @@ package pgp.cert_d.cli.commands; import org.bouncycastle.bcpg.ArmoredOutputStream; +import org.bouncycastle.openpgp.PGPKeyRing; import org.bouncycastle.util.io.Streams; +import org.pgpainless.PGPainless; +import org.pgpainless.util.ArmorUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import pgp.cert_d.SpecialNames; @@ -46,7 +49,8 @@ public class Get implements Runnable { } if (armor) { - ArmoredOutputStream armorOut = new ArmoredOutputStream(System.out); + PGPKeyRing keyRing = PGPainless.readKeyRing().keyRing(record.getInputStream()); + ArmoredOutputStream armorOut = ArmorUtils.toAsciiArmoredStream(keyRing, System.out); Streams.pipeAll(record.getInputStream(), armorOut); armorOut.close(); } else { diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java index 8fe8919..ceb1719 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java @@ -6,54 +6,26 @@ package org.pgpainless.certificate_store; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.bouncycastle.util.encoders.Base64; import org.pgpainless.key.OpenPgpFingerprint; import pgp.certificate_store.certificate.Certificate; -import java.io.ByteArrayInputStream; import java.io.IOException; -import java.io.InputStream; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Iterator; import java.util.List; public class CertificateFactory { - public static Certificate certificateFromPublicKeyRing(PGPPublicKeyRing publicKeyRing) { - return new Certificate() { - @Override - public String getFingerprint() { - return OpenPgpFingerprint.of(publicKeyRing).toString().toLowerCase(); - } + public static Certificate certificateFromPublicKeyRing(PGPPublicKeyRing publicKeyRing, Long tag) + throws IOException { + byte[] bytes = publicKeyRing.getEncoded(); + String fingerprint = OpenPgpFingerprint.of(publicKeyRing).toString().toLowerCase(); + List subkeyIds = new ArrayList<>(); + Iterator keys = publicKeyRing.getPublicKeys(); + while (keys.hasNext()) { + subkeyIds.add(keys.next().getKeyID()); + } - @Override - public InputStream getInputStream() throws IOException { - return new ByteArrayInputStream(publicKeyRing.getEncoded()); - } - - @Override - public String getTag() throws IOException { - MessageDigest digest; - try { - digest = MessageDigest.getInstance("SHA-256"); - } catch (NoSuchAlgorithmException e) { - throw new AssertionError("No MessageDigest for SHA-256 instantiated, although BC is on the classpath: " + e.getMessage()); - } - digest.update(publicKeyRing.getEncoded()); - return Base64.toBase64String(digest.digest()); - } - - @Override - public List getSubkeyIds() throws IOException { - List keyIds = new ArrayList<>(); - Iterator keys = publicKeyRing.getPublicKeys(); - while (keys.hasNext()) { - keyIds.add(keys.next().getKeyID()); - } - return keyIds; - } - }; + return new Certificate(bytes, fingerprint, subkeyIds, tag); } } diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java index 18cc66e..a43f76f 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java @@ -6,55 +6,18 @@ package org.pgpainless.certificate_store; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.util.encoders.Base64; import org.pgpainless.PGPainless; import pgp.certificate_store.certificate.Certificate; import pgp.certificate_store.certificate.Key; -import java.io.ByteArrayInputStream; import java.io.IOException; -import java.io.InputStream; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.List; public class KeyFactory { - public static Key keyFromSecretKeyRing(PGPSecretKeyRing secretKeyRing) { - - return new Key() { - @Override - public String getFingerprint() { - return getCertificate().getFingerprint(); - } - - @Override - public Certificate getCertificate() { - PGPPublicKeyRing publicKeys = PGPainless.extractCertificate(secretKeyRing); - return CertificateFactory.certificateFromPublicKeyRing(publicKeys); - } - - @Override - public InputStream getInputStream() throws IOException { - return new ByteArrayInputStream(secretKeyRing.getEncoded()); - } - - @Override - public String getTag() throws IOException { - MessageDigest digest; - try { - digest = MessageDigest.getInstance("SHA-256"); - } catch (NoSuchAlgorithmException e) { - throw new AssertionError("No MessageDigest for SHA-256 instantiated, although BC is on the classpath: " + e.getMessage()); - } - digest.update(secretKeyRing.getEncoded()); - return Base64.toBase64String(digest.digest()); - } - - @Override - public List getSubkeyIds() throws IOException { - return getCertificate().getSubkeyIds(); - } - }; + public static Key keyFromSecretKeyRing(PGPSecretKeyRing secretKeyRing, Long tag) throws IOException { + byte[] bytes = secretKeyRing.getEncoded(); + PGPPublicKeyRing publicKeyRing = PGPainless.extractCertificate(secretKeyRing); + Certificate certificate = CertificateFactory.certificateFromPublicKeyRing(publicKeyRing, tag); + return new Key(bytes, certificate, tag); } } diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java index 34ef5a5..409a9fe 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java @@ -18,12 +18,12 @@ import java.io.InputStream; public class KeyMaterialReader implements KeyMaterialReaderBackend { @Override - public KeyMaterial read(InputStream data) throws IOException, BadDataException { + public KeyMaterial read(InputStream data, Long tag) throws IOException, BadDataException { PGPKeyRing keyMaterial = PGPainless.readKeyRing().keyRing(data); if (keyMaterial instanceof PGPSecretKeyRing) { - return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) keyMaterial); + return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) keyMaterial, tag); } else if (keyMaterial instanceof PGPPublicKeyRing) { - return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) keyMaterial); + return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) keyMaterial, tag); } else { throw new BadDataException(); } diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java index 242ed49..6e84f26 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java @@ -81,9 +81,9 @@ public class MergeCallbacks { printOutDifferences(existingKeyRing, mergedKeyRing); if (mergedKeyRing instanceof PGPPublicKeyRing) { - return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing); + return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing, null); } else { - return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing); + return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing, null); } } catch (PGPException e) { From 5e5e3dd760bddd533cc68d17123c91f35bc77fe4 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 25 Aug 2022 12:56:10 +0200 Subject: [PATCH 42/63] Convert certain IOExceptions into BadDataException --- .../certificate_store/KeyMaterialReader.java | 12 ++++- .../KeyMaterialReaderTest.java | 46 +++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/KeyMaterialReaderTest.java diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java index 409a9fe..112bf18 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java @@ -19,7 +19,17 @@ public class KeyMaterialReader implements KeyMaterialReaderBackend { @Override public KeyMaterial read(InputStream data, Long tag) throws IOException, BadDataException { - PGPKeyRing keyMaterial = PGPainless.readKeyRing().keyRing(data); + PGPKeyRing keyMaterial; + try { + keyMaterial = PGPainless.readKeyRing().keyRing(data); + } catch (IOException e) { + if (e.getMessage().contains("unknown object in stream") || + e.getMessage().contains("unexpected end of file in armored stream.")) { + throw new BadDataException(); + } else { + throw e; + } + } if (keyMaterial instanceof PGPSecretKeyRing) { return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) keyMaterial, tag); } else if (keyMaterial instanceof PGPPublicKeyRing) { diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/KeyMaterialReaderTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/KeyMaterialReaderTest.java new file mode 100644 index 0000000..40d8048 --- /dev/null +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/KeyMaterialReaderTest.java @@ -0,0 +1,46 @@ +package org.pgpainless.certificate_store; + +import org.junit.jupiter.api.Test; + +public class CertificateAndKeyFactoryTest { + + private static final String KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" + + "Comment: B21A ABBF 15DF 0FDA 3742 4DE9 AD00 8384 AD0A 064C\n" + + "Comment: Volodymyr Zelenskyy \n" + + "\n" + + "xVgEYwdKchYJKwYBBAHaRw8BAQdARSvx9BDpV0AoNYTmN/wrZXQAB7VzOV0rKEQc\n" + + "OkhbP5wAAP0QE5FCIOvzea7wu3Yw3LDMmOOgMaWXngYp0948VPP2+xM7wsARBB8W\n" + + "CgCDBYJjB0pyBYkFn6YAAwsJBwkQrQCDhK0KBkxHFAAAAAAAHgAgc2FsdEBub3Rh\n" + + "dGlvbnMuc2VxdW9pYS1wZ3Aub3JnpqJFBi2xLa0V4D9k4rlmibhIsMRlcvK/MK83\n" + + "Hjfh2CIDFQoIApsBAh4BFiEEshqrvxXfD9o3Qk3prQCDhK0KBkwAAIwNAP41uywA\n" + + "z+qaRhWoj0stYmmefok4WHXk34jfameTopO1LAEA6L6/crPYzIcAZraaz0s5AM/2\n" + + "OvJZR8LaBSj92uBDbAzNJlZvbG9keW15ciBaZWxlbnNreXkgPHplbGVuc2t5eUBn\n" + + "b3YudWE+wsAUBBMWCgCGBYJjB0pyBYkFn6YAAwsJBwkQrQCDhK0KBkxHFAAAAAAA\n" + + "HgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnuD/qrSefYHLBUQ70qQhb\n" + + "cClzXkMQCoGO4S3WJzib/IADFQoIApkBApsBAh4BFiEEshqrvxXfD9o3Qk3prQCD\n" + + "hK0KBkwAAL8DAP42+z1sDJlv64PW4iq2ODYcdY1NSptjzfiQ2hyodNBFpgD+Mkiv\n" + + "9e2bFvlRj2Q5Brypy3ZwKvGtikUe3s+NlKMPlgTHWARjB0pyFgkrBgEEAdpHDwEB\n" + + "B0BNjMb280vf8zNJ/YAtcc6nLe8uCSTtxKKHF0Go9kU+VgABAKTAn5oiixsRxfEb\n" + + "k1I6WQbIGk/XNPZ241k65WRdg1qODvXCwMUEGBYKATcFgmMHSnIFiQWfpgAJEK0A\n" + + "g4StCgZMRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZ9el\n" + + "oLUj9wUjbwI91PYFiLbcIMYw+G2w85rw5nLaXzHEApsCvqAEGRYKAG8FgmMHSnIJ\n" + + "EDWWq2wLl0UaRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9y\n" + + "Z622EwAZW4CP32L2ysCphw7DasyPOdBpDsiMv2LB7dz8FiEEZQkoZquL7+v7NBoA\n" + + "NZarbAuXRRoAAOu3AP0X6dEVabI84d7t4AwRpmEiShSum9CJiODSs580lzkjlAD/\n" + + "QOGSIE5iO155kPudwi8ubif+v4tXe4Ro++tIP85bTQ8WIQSyGqu/Fd8P2jdCTemt\n" + + "AIOErQoGTAAAScwBAJ2A8vuK0wEMQHhVJR1lcjUaUm7EoBVuplF85dFipXjuAP40\n" + + "bwvHajjg8wFLo8pwAATBd2gnNYXXDK7J2WwiZPAKAcddBGMHSnISCisGAQQBl1UB\n" + + "BQEBB0DG0ue4giLkEecm/qz1wPQQBIl5v18/9M0SrMUk/M16agMBCAcAAP9Z4R+9\n" + + "tmG3aUKOB9nwN1t4N1GnbYCmaZzTn3uJXLetYBFTwsAGBBgWCgB4BYJjB0pyBYkF\n" + + "n6YACRCtAIOErQoGTEcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBn\n" + + "cC5vcmfZNJZA/uU2jCW1zQzCT9oK5hj0sL2taNvDFlLtkMCNqwKbDBYhBLIaq78V\n" + + "3w/aN0JN6a0Ag4StCgZMAAAlKwD/eUEbC8MoIitKulDZawtlC0rSITXtQJqUkGNc\n" + + "ujTPgIAA/1p/Y3sHn4nhmYcVX902BRXBp8YMD/cHQWZkWPhvM9YF\n" + + "=3nhb\n" + + "-----END PGP PRIVATE KEY BLOCK-----\n"; + + @Test + public void test() { + + } +} From 6995879e05c9808f3fdcbbbc2d2db3aaf38fe468 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 25 Aug 2022 12:56:25 +0200 Subject: [PATCH 43/63] Bump cert-d-java to 0.2.0 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index 45efb59..982e05b 100644 --- a/version.gradle +++ b/version.gradle @@ -13,7 +13,7 @@ allprojects { junitVersion = '5.8.2' mockitoVersion = '4.5.1' pgpainlessVersion = '1.3.5' - pgpCertDJavaVersion = '0.1.2-SNAPSHOT' + pgpCertDJavaVersion = '0.2.0' picocliVersion = '4.6.3' } } From 80600c86ce2ee90fdb27318ff02f5407aef8bb09 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 25 Aug 2022 12:56:56 +0200 Subject: [PATCH 44/63] Refactor MergeCallbacks --- .../java/pgp/cert_d/cli/commands/Import.java | 2 +- .../java/pgp/cert_d/cli/commands/Insert.java | 2 +- .../java/pgp/cert_d/cli/commands/Setup.java | 2 +- .../certificate_store/MergeCallbacks.java | 104 +++++++++--------- .../KeyMaterialReaderTest.java | 93 +++++++++++++++- 5 files changed, 145 insertions(+), 58 deletions(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index d7d29fb..3dfcfb4 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -32,7 +32,7 @@ public class Import implements Runnable { for (PGPPublicKeyRing cert : certificates) { ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); Certificate certificate = PGPCertDCli.getCertificateDirectory() - .insert(certIn, MergeCallbacks.mergeCertificates()); + .insert(certIn, MergeCallbacks.mergeWithExisting()); } } catch (IOException e) { LOGGER.error("IO-Error.", e); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index c88ead0..25987d0 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -24,7 +24,7 @@ public class Insert implements Runnable { public void run() { try { Certificate certificate = PGPCertDCli.getCertificateDirectory() - .insert(System.in, MergeCallbacks.mergeCertificates()); + .insert(System.in, MergeCallbacks.mergeWithExisting()); } catch (IOException e) { LOGGER.error("IO-Error.", e); System.exit(-1); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java index 0178e0a..2cdc5c4 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -61,7 +61,7 @@ public class Setup implements Runnable { try { InputStream inputStream = new ByteArrayInputStream(trustRoot.getEncoded()); - PGPCertDCli.getCertificateDirectory().insertTrustRoot(inputStream, MergeCallbacks.overrideKey()); + PGPCertDCli.getCertificateDirectory().insertTrustRoot(inputStream, MergeCallbacks.overrideExisting()); } catch (BadDataException e) { throw new RuntimeException(e); diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java index 6e84f26..cbd3a44 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java @@ -16,7 +16,6 @@ import pgp.certificate_store.certificate.KeyMaterialMerger; import pgp.certificate_store.exception.BadDataException; import java.io.IOException; -import java.util.Arrays; import java.util.Iterator; public class MergeCallbacks { @@ -27,11 +26,13 @@ public class MergeCallbacks { * * @return merging callback */ - public static KeyMaterialMerger mergeCertificates() { + public static KeyMaterialMerger mergeWithExisting() { return new KeyMaterialMerger() { @Override - public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException { + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) + throws IOException { + // Simple cases: one is null -> return other if (data == null) { return existing; } @@ -46,51 +47,66 @@ public class MergeCallbacks { PGPKeyRing mergedKeyRing; if (existingKeyRing instanceof PGPPublicKeyRing) { - PGPPublicKeyRing existingCert = (PGPPublicKeyRing) existingKeyRing; - if (updatedKeyRing instanceof PGPPublicKeyRing) { - mergedKeyRing = PGPPublicKeyRing.join(existingCert, (PGPPublicKeyRing) updatedKeyRing); - } else if (updatedKeyRing instanceof PGPSecretKeyRing) { - PGPPublicKeyRing updatedPublicKeys = PGPainless.extractCertificate((PGPSecretKeyRing) updatedKeyRing); - PGPPublicKeyRing mergedPublicKeys = PGPPublicKeyRing.join(existingCert, updatedPublicKeys); - updatedKeyRing = PGPSecretKeyRing.replacePublicKeys((PGPSecretKeyRing) updatedKeyRing, mergedPublicKeys); - mergedKeyRing = updatedKeyRing; - } else { - throw new IOException(new BadDataException()); - } + mergedKeyRing = mergeWithCert((PGPPublicKeyRing) existingKeyRing, updatedKeyRing); } else if (existingKeyRing instanceof PGPSecretKeyRing) { - PGPSecretKeyRing existingKey = (PGPSecretKeyRing) existingKeyRing; - PGPPublicKeyRing existingCert = PGPainless.extractCertificate(existingKey); - if (updatedKeyRing instanceof PGPPublicKeyRing) { - PGPPublicKeyRing updatedCert = (PGPPublicKeyRing) updatedKeyRing; - PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); - mergedKeyRing = PGPSecretKeyRing.replacePublicKeys(existingKey, mergedCert); - } else if (updatedKeyRing instanceof PGPSecretKeyRing) { - PGPSecretKeyRing updatedKey = (PGPSecretKeyRing) updatedKeyRing; - if (!Arrays.equals(existingKey.getEncoded(), updatedKey.getEncoded())) { - // Merging secret keys is not supported. - return existing; - } - mergedKeyRing = existingKeyRing; - } else { - throw new IOException(new BadDataException()); - } + mergedKeyRing = mergeWithKey(existingKeyRing, updatedKeyRing); } else { throw new IOException(new BadDataException()); } printOutDifferences(existingKeyRing, mergedKeyRing); - if (mergedKeyRing instanceof PGPPublicKeyRing) { - return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing, null); - } else { - return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing, null); - } + return toKeyMaterial(mergedKeyRing); } catch (PGPException e) { throw new RuntimeException(e); } } + private PGPKeyRing mergeWithCert(PGPPublicKeyRing existingKeyRing, PGPKeyRing updatedKeyRing) + throws PGPException, IOException { + PGPKeyRing mergedKeyRing; + PGPPublicKeyRing existingCert = existingKeyRing; + if (updatedKeyRing instanceof PGPPublicKeyRing) { + mergedKeyRing = PGPPublicKeyRing.join(existingCert, (PGPPublicKeyRing) updatedKeyRing); + } else if (updatedKeyRing instanceof PGPSecretKeyRing) { + PGPPublicKeyRing updatedPublicKeys = PGPainless.extractCertificate((PGPSecretKeyRing) updatedKeyRing); + PGPPublicKeyRing mergedPublicKeys = PGPPublicKeyRing.join(existingCert, updatedPublicKeys); + updatedKeyRing = PGPSecretKeyRing.replacePublicKeys((PGPSecretKeyRing) updatedKeyRing, mergedPublicKeys); + mergedKeyRing = updatedKeyRing; + } else { + throw new IOException(new BadDataException()); + } + return mergedKeyRing; + } + + private PGPKeyRing mergeWithKey(PGPKeyRing existingKeyRing, PGPKeyRing updatedKeyRing) + throws PGPException, IOException { + PGPKeyRing mergedKeyRing; + PGPSecretKeyRing existingKey = (PGPSecretKeyRing) existingKeyRing; + PGPPublicKeyRing existingCert = PGPainless.extractCertificate(existingKey); + if (updatedKeyRing instanceof PGPPublicKeyRing) { + PGPPublicKeyRing updatedCert = (PGPPublicKeyRing) updatedKeyRing; + PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); + mergedKeyRing = PGPSecretKeyRing.replacePublicKeys(existingKey, mergedCert); + } else if (updatedKeyRing instanceof PGPSecretKeyRing) { + // Merging keys is not supported + mergedKeyRing = existingKeyRing; + } else { + throw new IOException(new BadDataException()); + } + return mergedKeyRing; + } + + private KeyMaterial toKeyMaterial(PGPKeyRing mergedKeyRing) + throws IOException { + if (mergedKeyRing instanceof PGPPublicKeyRing) { + return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing, null); + } else { + return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing, null); + } + } + private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) { int numSigsBefore = countSigs(existingCert); int numSigsAfter = countSigs(mergedCert); @@ -145,23 +161,7 @@ public class MergeCallbacks { }; } - /** - * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead - * returns the first instance. - * - * @return overriding callback - */ - public static KeyMaterialMerger overrideCertificate() { - // noinspection Convert2Lambda - return new KeyMaterialMerger() { - @Override - public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { - return data; - } - }; - } - - public static KeyMaterialMerger overrideKey() { + public static KeyMaterialMerger overrideExisting() { // noinspection Convert2Lambda return new KeyMaterialMerger() { @Override diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/KeyMaterialReaderTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/KeyMaterialReaderTest.java index 40d8048..327abdc 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/KeyMaterialReaderTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/KeyMaterialReaderTest.java @@ -1,8 +1,27 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + package org.pgpainless.certificate_store; import org.junit.jupiter.api.Test; +import pgp.certificate_store.certificate.Certificate; +import pgp.certificate_store.certificate.Key; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.exception.BadDataException; -public class CertificateAndKeyFactoryTest { +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.nio.charset.Charset; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; + +public class KeyMaterialReaderTest { private static final String KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" + "Comment: B21A ABBF 15DF 0FDA 3742 4DE9 AD00 8384 AD0A 064C\n" + @@ -39,8 +58,76 @@ public class CertificateAndKeyFactoryTest { "=3nhb\n" + "-----END PGP PRIVATE KEY BLOCK-----\n"; + private static final String CERT = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + + "Comment: B21A ABBF 15DF 0FDA 3742 4DE9 AD00 8384 AD0A 064C\n" + + "Comment: Volodymyr Zelenskyy \n" + + "\n" + + "xjMEYwdKchYJKwYBBAHaRw8BAQdARSvx9BDpV0AoNYTmN/wrZXQAB7VzOV0rKEQc\n" + + "OkhbP5zCwBEEHxYKAIMFgmMHSnIFiQWfpgADCwkHCRCtAIOErQoGTEcUAAAAAAAe\n" + + "ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmemokUGLbEtrRXgP2TiuWaJ\n" + + "uEiwxGVy8r8wrzceN+HYIgMVCggCmwECHgEWIQSyGqu/Fd8P2jdCTemtAIOErQoG\n" + + "TAAAjA0A/jW7LADP6ppGFaiPSy1iaZ5+iThYdeTfiN9qZ5Oik7UsAQDovr9ys9jM\n" + + "hwBmtprPSzkAz/Y68llHwtoFKP3a4ENsDM0mVm9sb2R5bXlyIFplbGVuc2t5eSA8\n" + + "emVsZW5za3l5QGdvdi51YT7CwBQEExYKAIYFgmMHSnIFiQWfpgADCwkHCRCtAIOE\n" + + "rQoGTEcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcme4P+qt\n" + + "J59gcsFRDvSpCFtwKXNeQxAKgY7hLdYnOJv8gAMVCggCmQECmwECHgEWIQSyGqu/\n" + + "Fd8P2jdCTemtAIOErQoGTAAAvwMA/jb7PWwMmW/rg9biKrY4Nhx1jU1Km2PN+JDa\n" + + "HKh00EWmAP4ySK/17ZsW+VGPZDkGvKnLdnAq8a2KRR7ez42Uow+WBM4zBGMHSnIW\n" + + "CSsGAQQB2kcPAQEHQE2MxvbzS9/zM0n9gC1xzqct7y4JJO3EoocXQaj2RT5WwsDF\n" + + "BBgWCgE3BYJjB0pyBYkFn6YACRCtAIOErQoGTEcUAAAAAAAeACBzYWx0QG5vdGF0\n" + + "aW9ucy5zZXF1b2lhLXBncC5vcmfXpaC1I/cFI28CPdT2BYi23CDGMPhtsPOa8OZy\n" + + "2l8xxAKbAr6gBBkWCgBvBYJjB0pyCRA1lqtsC5dFGkcUAAAAAAAeACBzYWx0QG5v\n" + + "dGF0aW9ucy5zZXF1b2lhLXBncC5vcmetthMAGVuAj99i9srAqYcOw2rMjznQaQ7I\n" + + "jL9iwe3c/BYhBGUJKGari+/r+zQaADWWq2wLl0UaAADrtwD9F+nRFWmyPOHe7eAM\n" + + "EaZhIkoUrpvQiYjg0rOfNJc5I5QA/0DhkiBOYjteeZD7ncIvLm4n/r+LV3uEaPvr\n" + + "SD/OW00PFiEEshqrvxXfD9o3Qk3prQCDhK0KBkwAAEnMAQCdgPL7itMBDEB4VSUd\n" + + "ZXI1GlJuxKAVbqZRfOXRYqV47gD+NG8Lx2o44PMBS6PKcAAEwXdoJzWF1wyuydls\n" + + "ImTwCgHOOARjB0pyEgorBgEEAZdVAQUBAQdAxtLnuIIi5BHnJv6s9cD0EASJeb9f\n" + + "P/TNEqzFJPzNemoDAQgHwsAGBBgWCgB4BYJjB0pyBYkFn6YACRCtAIOErQoGTEcU\n" + + "AAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmfZNJZA/uU2jCW1\n" + + "zQzCT9oK5hj0sL2taNvDFlLtkMCNqwKbDBYhBLIaq78V3w/aN0JN6a0Ag4StCgZM\n" + + "AAAlKwD/eUEbC8MoIitKulDZawtlC0rSITXtQJqUkGNcujTPgIAA/1p/Y3sHn4nh\n" + + "mYcVX902BRXBp8YMD/cHQWZkWPhvM9YF\n" + + "=o64m\n" + + "-----END PGP PUBLIC KEY BLOCK-----"; + + private final KeyMaterialReader reader = new KeyMaterialReader(); + private final Charset UTF8 = Charset.forName("UTF8"); + @Test - public void test() { - + public void readBadDataTest() { + assertThrows(BadDataException.class, () -> reader.read( + new ByteArrayInputStream(CERT.substring(0, CERT.length() - 100).getBytes(UTF8)), null)); + } + + @Test + public void readIncompleteDataTest() { + assertThrows(BadDataException.class, () -> reader.read( + new ByteArrayInputStream("ThisIsNotOpenPGPDataAtAllLol".getBytes(UTF8)), null)); + } + + @Test + public void readKeyTest() throws BadDataException, IOException { + KeyMaterial keyMaterial = reader.read(new ByteArrayInputStream(KEY.getBytes(UTF8)), 12L); + assertNotNull(keyMaterial); + assertTrue(keyMaterial instanceof Key); + Key key = (Key) keyMaterial; + assertEquals("b21aabbf15df0fda37424de9ad008384ad0a064c", key.getFingerprint()); + assertEquals(12L, key.getTag()); + Certificate certificate = key.getCertificate(); + assertEquals(key.getFingerprint(), certificate.getFingerprint()); + assertEquals(key.getTag(), certificate.getTag()); + assertEquals(key.getSubkeyIds(), certificate.getSubkeyIds()); + } + + @Test + public void readCertTest() throws BadDataException, IOException { + KeyMaterial keyMaterial = reader.read(new ByteArrayInputStream(CERT.getBytes(UTF8)), null); + assertNotNull(keyMaterial); + assertTrue(keyMaterial instanceof Certificate); + Certificate certificate = (Certificate) keyMaterial; + assertEquals("b21aabbf15df0fda37424de9ad008384ad0a064c", certificate.getFingerprint()); + assertNull(certificate.getTag()); + assertSame(certificate, certificate.asCertificate()); } } From a7a89a31ed251b584c2f3e1fdce4ba4c34910768 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 25 Aug 2022 13:54:39 +0200 Subject: [PATCH 45/63] Add test for MergeCallbacks --- .../certificate_store/MergeCallbacksTest.java | 244 ++++++++++++++++++ 1 file changed, 244 insertions(+) create mode 100644 pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/MergeCallbacksTest.java diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/MergeCallbacksTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/MergeCallbacksTest.java new file mode 100644 index 0000000..6101154 --- /dev/null +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/certificate_store/MergeCallbacksTest.java @@ -0,0 +1,244 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.certificate_store; + +import org.bouncycastle.util.io.Streams; +import org.junit.jupiter.api.Test; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.certificate.KeyMaterialMerger; +import pgp.certificate_store.exception.BadDataException; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.nio.charset.Charset; + +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertSame; + +public class MergeCallbacksTest { + + private static final String KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" + + "Version: PGPainless\n" + + "Comment: 8E0F C503 D081 002A 2BC8 60A1 1CFC 3439 106D 1DD1\n" + + "Comment: Marge Simpson \n" + + "\n" + + "lFgEYwdeTxYJKwYBBAHaRw8BAQdA/culAZNfjpo8NyfJv9ggwUJBY/9Ps27wRzj1\n" + + "3i5Y/akAAQCel3XRH2ERU2+6C4kJEb3YXNtbH3CHJhkP+co3JQBJygz0tCBNYXJn\n" + + "ZSBTaW1wc29uIDxtYXJnZUBzaW1wc29uLnR2PoiPBBMWCgBBBQJjB15QCRAc/DQ5\n" + + "EG0d0RYhBI4PxQPQgQAqK8hgoRz8NDkQbR3RAp4BApsBBRYCAwEABAsJCAcFFQoJ\n" + + "CAsCmQEAAC34AP9jqFThNA0FeNxEEh+BKA/diGkxsAZaI0HscLeuoECOoAD9FjcO\n" + + "1TtI0UjF1wvRAGuoL6PrgNQ/kAE++zyzaXlbDAKcXQRjB15QEgorBgEEAZdVAQUB\n" + + "AQdAHQPnqtZwENOdLiD19wgjUpo/U0pJ4s/HCjgUQrFro38DAQgHAAD/VrXgi8fE\n" + + "UUAVLn+C3GXCJV0CBnCvLvMn6QwDUIbi1sgQF4h1BBgWCgAdBQJjB15QAp4BApsM\n" + + "BRYCAwEABAsJCAcFFQoJCAsACgkQHPw0ORBtHdGDdgD8DS1IyA0j4mnKPw93BLLn\n" + + "Wkt6Tc8tEc1Yy3fddhaGXXMBAIMu6ww43TM2EdQM/2orh8MhDZaBdDnD4egQ1ES4\n" + + "zxYJnFgEYwdeUBYJKwYBBAHaRw8BAQdAw/Pfecs1QEMAuTY8wGqEgpigYFx6GLHS\n" + + "qpgJkVds4hsAAP9JZ3XgkUguI4tUO9CyGCwxfBoUv1+F+XlYoxlyZV0M2A4qiNUE\n" + + "GBYKAH0FAmMHXlACngECmwIFFgIDAQAECwkIBwUVCgkIC18gBBkWCgAGBQJjB15Q\n" + + "AAoJEO8Ou9qRn4/Lk4ABAOTUMLOTPL9svmyoHmeVKYh4pL92/+zrsNL2Kh8BX7/F\n" + + "APsE3/N3J5MB2ZEyzNSU84STG3Aqa+2I2u4w58CeL8eRCAAKCRAc/DQ5EG0d0QBm\n" + + "AQDvHR1I/B4VBqMu44wcw1czqqFojv1KQMETnLCfU5Q4cwD+Mt6mNoXADACcnw2P\n" + + "3u5u3NoFQ0v2vFSaCoBxVzUQrgo=\n" + + "=OKv0\n" + + "-----END PGP PRIVATE KEY BLOCK-----"; + private static final String KEY_WITH_SIG = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" + + "Version: PGPainless\n" + + "Comment: 8E0F C503 D081 002A 2BC8 60A1 1CFC 3439 106D 1DD1\n" + + "Comment: Marge Simpson \n" + + "\n" + + "lFgEYwdeTxYJKwYBBAHaRw8BAQdA/culAZNfjpo8NyfJv9ggwUJBY/9Ps27wRzj1\n" + + "3i5Y/akAAQCel3XRH2ERU2+6C4kJEb3YXNtbH3CHJhkP+co3JQBJygz0iHUEHxYK\n" + + "ACcFAmMHXlAJEBz8NDkQbR3RFiEEjg/FA9CBACoryGChHPw0ORBtHdEAAEI4AP4w\n" + + "H667enh2czzfH8n4NeluivHQIavx6THn40MELAiBQQD/T3IdrTn0YDVmfdAGmCPL\n" + + "lNjOxPDus5SESpLuS6A7IAi0IE1hcmdlIFNpbXBzb24gPG1hcmdlQHNpbXBzb24u\n" + + "dHY+iI8EExYKAEEFAmMHXlAJEBz8NDkQbR3RFiEEjg/FA9CBACoryGChHPw0ORBt\n" + + "HdECngECmwEFFgIDAQAECwkIBwUVCgkICwKZAQAALfgA/2OoVOE0DQV43EQSH4Eo\n" + + "D92IaTGwBlojQexwt66gQI6gAP0WNw7VO0jRSMXXC9EAa6gvo+uA1D+QAT77PLNp\n" + + "eVsMApxdBGMHXlASCisGAQQBl1UBBQEBB0AdA+eq1nAQ050uIPX3CCNSmj9TSkni\n" + + "z8cKOBRCsWujfwMBCAcAAP9WteCLx8RRQBUuf4LcZcIlXQIGcK8u8yfpDANQhuLW\n" + + "yBAXiHUEGBYKAB0FAmMHXlACngECmwwFFgIDAQAECwkIBwUVCgkICwAKCRAc/DQ5\n" + + "EG0d0YN2APwNLUjIDSPiaco/D3cEsudaS3pNzy0RzVjLd912FoZdcwEAgy7rDDjd\n" + + "MzYR1Az/aiuHwyENloF0OcPh6BDURLjPFgmcWARjB15QFgkrBgEEAdpHDwEBB0DD\n" + + "8995yzVAQwC5NjzAaoSCmKBgXHoYsdKqmAmRV2ziGwAA/0lndeCRSC4ji1Q70LIY\n" + + "LDF8GhS/X4X5eVijGXJlXQzYDiqI1QQYFgoAfQUCYwdeUAKeAQKbAgUWAgMBAAQL\n" + + "CQgHBRUKCQgLXyAEGRYKAAYFAmMHXlAACgkQ7w672pGfj8uTgAEA5NQws5M8v2y+\n" + + "bKgeZ5UpiHikv3b/7Ouw0vYqHwFfv8UA+wTf83cnkwHZkTLM1JTzhJMbcCpr7Yja\n" + + "7jDnwJ4vx5EIAAoJEBz8NDkQbR3RAGYBAO8dHUj8HhUGoy7jjBzDVzOqoWiO/UpA\n" + + "wROcsJ9TlDhzAP4y3qY2hcAMAJyfDY/e7m7c2gVDS/a8VJoKgHFXNRCuCg==\n" + + "=WrKH\n" + + "-----END PGP PRIVATE KEY BLOCK-----"; + private static final String CERT = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + + "Version: PGPainless\n" + + "Comment: 8E0F C503 D081 002A 2BC8 60A1 1CFC 3439 106D 1DD1\n" + + "Comment: Marge Simpson \n" + + "\n" + + "mDMEYwdeTxYJKwYBBAHaRw8BAQdA/culAZNfjpo8NyfJv9ggwUJBY/9Ps27wRzj1\n" + + "3i5Y/am0IE1hcmdlIFNpbXBzb24gPG1hcmdlQHNpbXBzb24udHY+iI8EExYKAEEF\n" + + "AmMHXlAJEBz8NDkQbR3RFiEEjg/FA9CBACoryGChHPw0ORBtHdECngECmwEFFgID\n" + + "AQAECwkIBwUVCgkICwKZAQAALfgA/2OoVOE0DQV43EQSH4EoD92IaTGwBlojQexw\n" + + "t66gQI6gAP0WNw7VO0jRSMXXC9EAa6gvo+uA1D+QAT77PLNpeVsMArg4BGMHXlAS\n" + + "CisGAQQBl1UBBQEBB0AdA+eq1nAQ050uIPX3CCNSmj9TSkniz8cKOBRCsWujfwMB\n" + + "CAeIdQQYFgoAHQUCYwdeUAKeAQKbDAUWAgMBAAQLCQgHBRUKCQgLAAoJEBz8NDkQ\n" + + "bR3Rg3YA/A0tSMgNI+Jpyj8PdwSy51pLek3PLRHNWMt33XYWhl1zAQCDLusMON0z\n" + + "NhHUDP9qK4fDIQ2WgXQ5w+HoENREuM8WCbgzBGMHXlAWCSsGAQQB2kcPAQEHQMPz\n" + + "33nLNUBDALk2PMBqhIKYoGBcehix0qqYCZFXbOIbiNUEGBYKAH0FAmMHXlACngEC\n" + + "mwIFFgIDAQAECwkIBwUVCgkIC18gBBkWCgAGBQJjB15QAAoJEO8Ou9qRn4/Lk4AB\n" + + "AOTUMLOTPL9svmyoHmeVKYh4pL92/+zrsNL2Kh8BX7/FAPsE3/N3J5MB2ZEyzNSU\n" + + "84STG3Aqa+2I2u4w58CeL8eRCAAKCRAc/DQ5EG0d0QBmAQDvHR1I/B4VBqMu44wc\n" + + "w1czqqFojv1KQMETnLCfU5Q4cwD+Mt6mNoXADACcnw2P3u5u3NoFQ0v2vFSaCoBx\n" + + "VzUQrgo=\n" + + "=mKjW\n" + + "-----END PGP PUBLIC KEY BLOCK-----"; + private static final String CERT_WITH_SIG = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + + "Version: PGPainless\n" + + "Comment: 8E0F C503 D081 002A 2BC8 60A1 1CFC 3439 106D 1DD1\n" + + "Comment: Marge Simpson \n" + + "\n" + + "mDMEYwdeTxYJKwYBBAHaRw8BAQdA/culAZNfjpo8NyfJv9ggwUJBY/9Ps27wRzj1\n" + + "3i5Y/amIdQQfFgoAJwUCYwdeUAkQHPw0ORBtHdEWIQSOD8UD0IEAKivIYKEc/DQ5\n" + + "EG0d0QAAQjgA/jAfrrt6eHZzPN8fyfg16W6K8dAhq/HpMefjQwQsCIFBAP9Pch2t\n" + + "OfRgNWZ90AaYI8uU2M7E8O6zlIRKku5LoDsgCLQgTWFyZ2UgU2ltcHNvbiA8bWFy\n" + + "Z2VAc2ltcHNvbi50dj6IjwQTFgoAQQUCYwdeUAkQHPw0ORBtHdEWIQSOD8UD0IEA\n" + + "KivIYKEc/DQ5EG0d0QKeAQKbAQUWAgMBAAQLCQgHBRUKCQgLApkBAAAt+AD/Y6hU\n" + + "4TQNBXjcRBIfgSgP3YhpMbAGWiNB7HC3rqBAjqAA/RY3DtU7SNFIxdcL0QBrqC+j\n" + + "64DUP5ABPvs8s2l5WwwCuDgEYwdeUBIKKwYBBAGXVQEFAQEHQB0D56rWcBDTnS4g\n" + + "9fcII1KaP1NKSeLPxwo4FEKxa6N/AwEIB4h1BBgWCgAdBQJjB15QAp4BApsMBRYC\n" + + "AwEABAsJCAcFFQoJCAsACgkQHPw0ORBtHdGDdgD8DS1IyA0j4mnKPw93BLLnWkt6\n" + + "Tc8tEc1Yy3fddhaGXXMBAIMu6ww43TM2EdQM/2orh8MhDZaBdDnD4egQ1ES4zxYJ\n" + + "uDMEYwdeUBYJKwYBBAHaRw8BAQdAw/Pfecs1QEMAuTY8wGqEgpigYFx6GLHSqpgJ\n" + + "kVds4huI1QQYFgoAfQUCYwdeUAKeAQKbAgUWAgMBAAQLCQgHBRUKCQgLXyAEGRYK\n" + + "AAYFAmMHXlAACgkQ7w672pGfj8uTgAEA5NQws5M8v2y+bKgeZ5UpiHikv3b/7Ouw\n" + + "0vYqHwFfv8UA+wTf83cnkwHZkTLM1JTzhJMbcCpr7Yja7jDnwJ4vx5EIAAoJEBz8\n" + + "NDkQbR3RAGYBAO8dHUj8HhUGoy7jjBzDVzOqoWiO/UpAwROcsJ9TlDhzAP4y3qY2\n" + + "hcAMAJyfDY/e7m7c2gVDS/a8VJoKgHFXNRCuCg==\n" + + "=H6OY\n" + + "-----END PGP PUBLIC KEY BLOCK-----"; + + private static final KeyMaterialReader reader = new KeyMaterialReader(); + + @Test + public void testOverrideExisting() throws IOException, BadDataException { + KeyMaterialMerger merger = MergeCallbacks.overrideExisting(); + KeyMaterial existing = parse(CERT); + KeyMaterial update = parse(KEY); + + assertSame(update, merger.merge(update, existing)); + } + + @Test + public void testOverrideExistingNull() throws IOException, BadDataException { + KeyMaterialMerger merger = MergeCallbacks.overrideExisting(); + KeyMaterial existing = null; + KeyMaterial update = parse(KEY); + + assertSame(update, merger.merge(update, existing)); + } + + @Test + public void testOverrideExistingWithNull() throws IOException, BadDataException { + KeyMaterialMerger merger = MergeCallbacks.overrideExisting(); + KeyMaterial existing = parse(CERT); + KeyMaterial update = null; + + assertNull(merger.merge(update, existing)); + } + + @Test + public void testMergeExistingCertWithSelf() throws BadDataException, IOException { + KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting(); + KeyMaterial existing = parse(CERT); + KeyMaterial update = parse(CERT); + + assertEncodingEquals(existing, merger.merge(update, existing)); + } + + @Test + public void testMergeExistingCertWithNull() throws BadDataException, IOException { + KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting(); + KeyMaterial existing = parse(CERT); + + assertEncodingEquals(existing, merger.merge(null, existing)); + } + + + @Test + public void testMergeNullWithCert() throws BadDataException, IOException { + KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting(); + KeyMaterial update = parse(CERT); + + assertEncodingEquals(update, merger.merge(update, null)); + } + + @Test + public void testMergeCertWithUpdate() throws BadDataException, IOException { + KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting(); + KeyMaterial existing = parse(CERT); + KeyMaterial update = parse(CERT_WITH_SIG); + + assertEncodingEquals(update, merger.merge(update, existing)); + } + + @Test + public void testMergeUpdateWithCert() throws BadDataException, IOException { + KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting(); + KeyMaterial existing = parse(CERT_WITH_SIG); + KeyMaterial update = parse(CERT); + + assertEncodingEquals(existing, merger.merge(update, existing)); + } + + @Test + public void testMergeKeyWithCert() throws BadDataException, IOException { + KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting(); + KeyMaterial existing = parse(KEY); + KeyMaterial update = parse(CERT); + + assertEncodingEquals(existing, merger.merge(update, existing)); + } + + @Test + public void testMergeCertWithKey() throws BadDataException, IOException { + KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting(); + KeyMaterial existing = parse(CERT); + KeyMaterial update = parse(KEY); + + assertEncodingEquals(update, merger.merge(update, existing)); + } + + @Test + public void testMergeKeyWithUpdateCert() throws BadDataException, IOException { + KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting(); + KeyMaterial existing = parse(KEY); + KeyMaterial update = parse(CERT_WITH_SIG); + KeyMaterial expected = parse(KEY_WITH_SIG); + assertEncodingEquals(expected, merger.merge(update, existing)); + } + + @Test + public void testMergeUpdateCertWithKey() throws BadDataException, IOException { + KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting(); + KeyMaterial existing = parse(CERT_WITH_SIG); + KeyMaterial update = parse(KEY); + KeyMaterial expected = parse(KEY_WITH_SIG); + + assertEncodingEquals(expected, merger.merge(update, existing)); + } + + private static KeyMaterial parse(String encoding) throws BadDataException, IOException { + return reader.read(new ByteArrayInputStream(encoding.getBytes(Charset.forName("UTF8"))), null); + } + + private static void assertEncodingEquals(KeyMaterial one, KeyMaterial two) throws IOException { + ByteArrayOutputStream oneOut = new ByteArrayOutputStream(); + ByteArrayOutputStream twoOut = new ByteArrayOutputStream(); + + Streams.pipeAll(one.getInputStream(), oneOut); + Streams.pipeAll(two.getInputStream(), twoOut); + + assertArrayEquals(oneOut.toByteArray(), twoOut.toByteArray()); + } +} From f21802523acb2c56b41d2926cfc5158a126cc9f2 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 25 Aug 2022 14:26:36 +0200 Subject: [PATCH 46/63] CLI: Add test for Setup command --- .../main/java/pgp/cert_d/cli/PGPCertDCli.java | 6 +- .../java/pgp/cert_d/cli/InstantiateCLI.java | 18 +++ .../pgp/cert_d/cli/commands/SetupTest.java | 125 ++++++++++++++++++ 3 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/InstantiateCLI.java create mode 100644 pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index 501d6ca..7fbac8f 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -40,7 +40,7 @@ public class PGPCertDCli { scope = CommandLine.ScopeType.INHERIT) File baseDirectory; - private static PGPainlessCertD certificateDirectory; + static PGPainlessCertD certificateDirectory; private int executionStrategy(CommandLine.ParseResult parseResult) { try { @@ -52,6 +52,10 @@ public class PGPCertDCli { } private void initStore() throws NotAStoreException, SQLException { + if (certificateDirectory != null) { + return; + } + if (baseDirectory == null) { baseDirectory = BaseDirectoryProvider.getDefaultBaseDir(); } diff --git a/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/InstantiateCLI.java b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/InstantiateCLI.java new file mode 100644 index 0000000..6a20ff6 --- /dev/null +++ b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/InstantiateCLI.java @@ -0,0 +1,18 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli; + +import org.pgpainless.certificate_store.PGPainlessCertD; + +public class InstantiateCLI { + + public static void resetStore() { + PGPCertDCli.certificateDirectory = null; + } + + public static void setInMemoryStore() { + PGPCertDCli.certificateDirectory = PGPainlessCertD.inMemory(); + } +} diff --git a/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java new file mode 100644 index 0000000..b4664c0 --- /dev/null +++ b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java @@ -0,0 +1,125 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.pgpainless.PGPainless; +import org.pgpainless.certificate_store.PGPainlessCertD; +import org.pgpainless.key.OpenPgpFingerprint; +import org.pgpainless.key.info.KeyInfo; +import org.pgpainless.key.protection.UnlockSecretKey; +import org.pgpainless.util.Passphrase; +import pgp.cert_d.cli.InstantiateCLI; +import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.certificate.Key; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.exception.BadDataException; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.nio.charset.Charset; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +public class SetupTest { + + private PGPainlessCertD store; + + @BeforeEach + public void setup() { + InstantiateCLI.setInMemoryStore(); + store = PGPCertDCli.getCertificateDirectory(); + } + + @AfterEach + public void teardown() { + InstantiateCLI.resetStore(); + store = null; + } + + @Test + public void testSetupGeneratesTrustRoot() + throws BadDataException, IOException { + assertNull(store.getTrustRoot()); + + PGPCertDCli.main(new String[] {"setup"}); + KeyMaterial trustRoot = store.getTrustRoot(); + assertNotNull(trustRoot); + assertTrue(trustRoot instanceof Key); + + // Check that key has no password + PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(trustRoot.getInputStream()); + assertTrue(KeyInfo.isDecrypted(secretKeys.getSecretKey())); + } + + @Test + public void testSetupWithPassword() + throws BadDataException, IOException, PGPException { + assertNull(store.getTrustRoot()); + + PGPCertDCli.main(new String[] {"setup", "--with-password", "sw0rdf1sh"}); + KeyMaterial trustRoot = store.getTrustRoot(); + assertNotNull(trustRoot); + assertTrue(trustRoot instanceof Key); + + // Check that key is encrypted + PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(trustRoot.getInputStream()); + assertTrue(KeyInfo.isEncrypted(secretKeys.getSecretKey())); + // Check that password matches + assertNotNull(UnlockSecretKey.unlockSecretKey( + secretKeys.getSecretKey(), Passphrase.fromPassword("sw0rdf1sh"))); + } + + @Test + public void testSetupImportFromStdin() + throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, + BadDataException, IOException { + assertNull(store.getTrustRoot()); + + PGPSecretKeyRing trustRoot = PGPainless.generateKeyRing() + .modernKeyRing("trust-root"); + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(trustRoot); + String armored = PGPainless.asciiArmor(trustRoot); + ByteArrayInputStream trustRootIn = new ByteArrayInputStream( + armored.getBytes(Charset.forName("UTF8"))); + + InputStream originalStdin = System.in; + System.setIn(trustRootIn); + PGPCertDCli.main(new String[] {"setup", "--import-from-stdin"}); + System.setIn(originalStdin); + + KeyMaterial importedTrustRoot = store.getTrustRoot(); + assertEquals(fingerprint.toString().toLowerCase(), importedTrustRoot.getFingerprint()); + } + + @Test + public void testSetupOverridesExistingTrustRoot() + throws BadDataException, IOException { + assertNull(store.getTrustRoot()); + + PGPCertDCli.main(new String[] {"setup"}); + KeyMaterial trustRoot = store.getTrustRoot(); + assertNotNull(trustRoot); + String fingerprint = trustRoot.getFingerprint(); + + // Override trust-root by calling setup again + PGPCertDCli.main(new String[] {"setup"}); + trustRoot = store.getTrustRoot(); + assertNotNull(trustRoot); + + assertNotEquals(fingerprint, trustRoot.getFingerprint()); + } +} From 52a31cb541e037a24476b87517216c3690086687 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 26 Aug 2022 19:46:47 +0200 Subject: [PATCH 47/63] Delete DummyTest --- .../src/test/java/pgp/cert_d/cli/DummyTest.java | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/DummyTest.java diff --git a/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/DummyTest.java b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/DummyTest.java deleted file mode 100644 index 0d3c58d..0000000 --- a/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/DummyTest.java +++ /dev/null @@ -1,17 +0,0 @@ -// SPDX-FileCopyrightText: 2022 Paul Schaub -// -// SPDX-License-Identifier: Apache-2.0 - -package pgp.cert_d.cli; - -import org.junit.jupiter.api.Test; - -import static org.junit.jupiter.api.Assertions.assertTrue; - -public class DummyTest { - - @Test - public void test() { - assertTrue(true); - } -} From 27ae686d526362b0e6e27bece7b51ee86a0989df Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sat, 27 Aug 2022 13:38:32 +0200 Subject: [PATCH 48/63] Bump cert-d-java to 0.2.1 and handle NoSuchElementExceptions --- .../src/main/java/pgp/cert_d/cli/commands/Get.java | 3 +++ .../test/java/pgp/cert_d/cli/commands/SetupTest.java | 11 ++++++----- .../cert_d/SharedPGPCertificateDirectoryTest.java | 11 ++++++----- version.gradle | 2 +- 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index 9422d2e..b06361d 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -19,6 +19,7 @@ import pgp.certificate_store.exception.BadNameException; import picocli.CommandLine; import java.io.IOException; +import java.util.NoSuchElementException; @CommandLine.Command(name = "get", resourceBundle = "msg_get") @@ -57,6 +58,8 @@ public class Get implements Runnable { Streams.pipeAll(record.getInputStream(), System.out); } + } catch (NoSuchElementException e) { + LOGGER.debug("Certificate not found.", e); } catch (IOException e) { LOGGER.error("IO Error", e); System.exit(-1); diff --git a/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java index b4664c0..d3a505a 100644 --- a/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java +++ b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java @@ -27,11 +27,12 @@ import java.io.InputStream; import java.nio.charset.Charset; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; +import java.util.NoSuchElementException; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; public class SetupTest { @@ -53,7 +54,7 @@ public class SetupTest { @Test public void testSetupGeneratesTrustRoot() throws BadDataException, IOException { - assertNull(store.getTrustRoot()); + assertThrows(NoSuchElementException.class, () -> store.getTrustRoot()); PGPCertDCli.main(new String[] {"setup"}); KeyMaterial trustRoot = store.getTrustRoot(); @@ -68,7 +69,7 @@ public class SetupTest { @Test public void testSetupWithPassword() throws BadDataException, IOException, PGPException { - assertNull(store.getTrustRoot()); + assertThrows(NoSuchElementException.class, () -> store.getTrustRoot()); PGPCertDCli.main(new String[] {"setup", "--with-password", "sw0rdf1sh"}); KeyMaterial trustRoot = store.getTrustRoot(); @@ -87,7 +88,7 @@ public class SetupTest { public void testSetupImportFromStdin() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, BadDataException, IOException { - assertNull(store.getTrustRoot()); + assertThrows(NoSuchElementException.class, () -> store.getTrustRoot()); PGPSecretKeyRing trustRoot = PGPainless.generateKeyRing() .modernKeyRing("trust-root"); @@ -108,7 +109,7 @@ public class SetupTest { @Test public void testSetupOverridesExistingTrustRoot() throws BadDataException, IOException { - assertNull(store.getTrustRoot()); + assertThrows(NoSuchElementException.class, () -> store.getTrustRoot()); PGPCertDCli.main(new String[] {"setup"}); KeyMaterial trustRoot = store.getTrustRoot(); diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java index 7b2521b..d3fc5ec 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java @@ -7,7 +7,7 @@ package org.pgpainless.cert_d; import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -20,6 +20,7 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.Map; +import java.util.NoSuchElementException; import java.util.Set; import java.util.stream.Stream; @@ -74,8 +75,8 @@ public class SharedPGPCertificateDirectoryTest { OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(cert); ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); - // standard case: get() is null - assertNull(directory.getByFingerprint(fingerprint.toString().toLowerCase())); + // standard case: no cert found + assertThrows(NoSuchElementException.class, () -> directory.getByFingerprint(fingerprint.toString().toLowerCase())); // insert and check returned certs fingerprint Certificate certificate = directory.insert(certIn, dummyMerge); @@ -99,8 +100,8 @@ public class SharedPGPCertificateDirectoryTest { OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(trustRoot); ByteArrayInputStream certIn = new ByteArrayInputStream(trustRoot.getEncoded()); - // standard case: get() is null - assertNull(directory.getBySpecialName("trust-root")); + // standard case: no cert found + assertThrows(NoSuchElementException.class, () -> directory.getBySpecialName("trust-root")); // insert and check returned certs fingerprint Certificate certificate = directory.insertWithSpecialName("trust-root", certIn, dummyMerge); diff --git a/version.gradle b/version.gradle index 982e05b..d7f242e 100644 --- a/version.gradle +++ b/version.gradle @@ -13,7 +13,7 @@ allprojects { junitVersion = '5.8.2' mockitoVersion = '4.5.1' pgpainlessVersion = '1.3.5' - pgpCertDJavaVersion = '0.2.0' + pgpCertDJavaVersion = '0.2.1' picocliVersion = '4.6.3' } } From d8a060d0dfd99310ff44108148957cace84f5a52 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sat, 27 Aug 2022 13:38:50 +0200 Subject: [PATCH 49/63] Fix typo --- .../src/main/java/pgp/cert_d/cli/commands/Get.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index b06361d..3a998e8 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -34,16 +34,16 @@ public class Get implements Runnable { paramLabel = "IDENTIFIER", arity = "1" ) - String identifer; + String identifier; @Override public void run() { try { KeyMaterial record; - if (SpecialNames.lookupSpecialName(identifer) != null) { - record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifer); + if (SpecialNames.lookupSpecialName(identifier) != null) { + record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifier); } else { - record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer.toLowerCase()); + record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifier.toLowerCase()); } if (record == null) { return; From 76a5a91fe03cca7ba22685c351722181f1b8f1be Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sat, 27 Aug 2022 13:45:00 +0200 Subject: [PATCH 50/63] Add exit codes for some failure modes --- .../src/main/java/pgp/cert_d/cli/PGPCertDCli.java | 5 ++++- .../src/main/java/pgp/cert_d/cli/commands/Get.java | 7 ++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index 7fbac8f..b22d47f 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -42,11 +42,14 @@ public class PGPCertDCli { static PGPainlessCertD certificateDirectory; + // https://www.cyberciti.biz/faq/linux-bash-exit-status-set-exit-statusin-bash/ + public static final int EXIT_CODE_NOT_A_STORE = 30; + private int executionStrategy(CommandLine.ParseResult parseResult) { try { initStore(); } catch (NotAStoreException | SQLException e) { - return -1; + return EXIT_CODE_NOT_A_STORE; } return new CommandLine.RunLast().execute(parseResult); } diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index 3a998e8..6e35ecc 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -27,6 +27,10 @@ public class Get implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); + // https://www.cyberciti.biz/faq/linux-bash-exit-status-set-exit-statusin-bash/ + public static final int EXIT_CODE_NO_SUCH_ELEMENT = 2; + public static final int EXIT_CODE_IO_ERROR = 5; + @CommandLine.Option(names = {"-a", "--armor"}) boolean armor = false; @@ -60,9 +64,10 @@ public class Get implements Runnable { } catch (NoSuchElementException e) { LOGGER.debug("Certificate not found.", e); + System.exit(EXIT_CODE_NO_SUCH_ELEMENT); } catch (IOException e) { LOGGER.error("IO Error", e); - System.exit(-1); + System.exit(EXIT_CODE_IO_ERROR); } catch (BadDataException e) { LOGGER.error("Certificate file contains bad data.", e); System.exit(-1); From f109b598f6cf415b12378aa1dcf88a401d02c915 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 1 Sep 2022 11:18:08 +0200 Subject: [PATCH 51/63] Compare certs based on encoding --- .../org/pgpainless/certificate_store/MergeCallbacks.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java index cbd3a44..000e935 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java @@ -16,6 +16,7 @@ import pgp.certificate_store.certificate.KeyMaterialMerger; import pgp.certificate_store.exception.BadDataException; import java.io.IOException; +import java.util.Arrays; import java.util.Iterator; public class MergeCallbacks { @@ -107,7 +108,7 @@ public class MergeCallbacks { } } - private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) { + private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) throws IOException { int numSigsBefore = countSigs(existingCert); int numSigsAfter = countSigs(mergedCert); int newSigs = numSigsAfter - numSigsBefore; @@ -115,7 +116,7 @@ public class MergeCallbacks { int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs()); int newUids = numUidsAfter - numUidsBefore; - if (!existingCert.equals(mergedCert)) { + if (!Arrays.equals(existingCert.getEncoded(), mergedCert.getEncoded())) { OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert); StringBuilder sb = new StringBuilder(); sb.append(String.format("Certificate %s has", fingerprint)); From 47e9f5f08abe88e115d85c7495af72bd0d7fd3c0 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 1 Sep 2022 11:29:47 +0200 Subject: [PATCH 52/63] Print out fingerprints when inserting|importing keys --- .../src/main/java/pgp/cert_d/cli/commands/Import.java | 3 +++ .../src/main/java/pgp/cert_d/cli/commands/Insert.java | 3 +++ .../src/main/java/pgp/cert_d/cli/commands/Setup.java | 7 ++++++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index 3dfcfb4..5306d24 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -33,6 +33,9 @@ public class Import implements Runnable { ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); Certificate certificate = PGPCertDCli.getCertificateDirectory() .insert(certIn, MergeCallbacks.mergeWithExisting()); + // CHECKSTYLE:OFF + System.out.println(certificate.getFingerprint()); + // CHECKSTYLE:ON } } catch (IOException e) { LOGGER.error("IO-Error.", e); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index 25987d0..cf62fd8 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -25,6 +25,9 @@ public class Insert implements Runnable { try { Certificate certificate = PGPCertDCli.getCertificateDirectory() .insert(System.in, MergeCallbacks.mergeWithExisting()); + // CHECKSTYLE:OFF + System.out.println(certificate.getFingerprint()); + // CHECKSTYLE:ON } catch (IOException e) { LOGGER.error("IO-Error.", e); System.exit(-1); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java index 2cdc5c4..070c284 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -17,6 +17,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.pgpainless.certificate_store.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.certificate.KeyMaterial; import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; @@ -61,7 +62,11 @@ public class Setup implements Runnable { try { InputStream inputStream = new ByteArrayInputStream(trustRoot.getEncoded()); - PGPCertDCli.getCertificateDirectory().insertTrustRoot(inputStream, MergeCallbacks.overrideExisting()); + KeyMaterial inserted = PGPCertDCli.getCertificateDirectory() + .insertTrustRoot(inputStream, MergeCallbacks.overrideExisting()); + // CHECKSTYLE:OFF + System.out.println(inserted.getFingerprint()); + // CHECKSTYLE:ON } catch (BadDataException e) { throw new RuntimeException(e); From 5b0f22f5151333caff24ff2bdf94f58506f10786 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 1 Sep 2022 11:37:09 +0200 Subject: [PATCH 53/63] Cert-D-PGPainless 0.2.0 --- CHANGELOG.md | 12 +++++++++++- README.md | 3 ++- version.gradle | 4 ++-- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e2e320a..787c372 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,9 +5,19 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-PGPainless Changelog -## 0.1.3-SNAPSHOT +## 0.2.0 - `get`: Apply `toLowerCase()` to fingerprints - Use BCs `PGPPublicKeyRing.join(first, second)` method to properly merge certificates +- Implement storing of `trust-root` key +- Bump `cert-d-java` to `0.2.1` +- Changes to CLI + - Add support for i18n using resource bundles + - Rename `import` command to `insert` + - Rename `multi-import` command to `import` + - Add `export` command + - Add basic `list` command + - `get` command: Allow querying by special name + - Add armor headers to output of `get` command ## 0.1.2 - Add name and description to main command diff --git a/README.md b/README.md index e7e9981..4535866 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,8 @@ SPDX-License-Identifier: Apache-2.0 [![Coverage Status](https://coveralls.io/repos/github/pgpainless/cert-d-pgpainless/badge.svg?branch=main)](https://coveralls.io/github/pgpainless/cert-d-pgpainless?branch=main) [![REUSE status](https://api.reuse.software/badge/github.com/pgpainless/cert-d-pgpainless)](https://api.reuse.software/info/github.com/pgpainless/cert-d-pgpainless) -This repository contains implementations of the [Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/) specification using [PGPainless](https://pgpainless.org) as backend. +This repository contains implementations of the [Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/) +specification using [PGPainless](https://pgpainless.org) as backend. The module `pgpainless-cert-d` can be used as a drop-in implementation of `pgp-certificate-store`. diff --git a/version.gradle b/version.gradle index d7f242e..44b08ac 100644 --- a/version.gradle +++ b/version.gradle @@ -4,8 +4,8 @@ allprojects { ext { - shortVersion = '0.1.3' - isSnapshot = true + shortVersion = '0.2.0' + isSnapshot = false minAndroidSdk = 10 javaSourceCompatibility = 1.8 slf4jVersion = '1.7.36' From c8bf6c5f837b4d7b05abe628b01d270de5e857eb Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 1 Sep 2022 11:38:56 +0200 Subject: [PATCH 54/63] Cert-D-PGPainless 0.2.1-SNAPSHOT --- version.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.gradle b/version.gradle index 44b08ac..024bca2 100644 --- a/version.gradle +++ b/version.gradle @@ -4,8 +4,8 @@ allprojects { ext { - shortVersion = '0.2.0' - isSnapshot = false + shortVersion = '0.2.1' + isSnapshot = true minAndroidSdk = 10 javaSourceCompatibility = 1.8 slf4jVersion = '1.7.36' From 97fe547649f05d509a9044a95d4be99f67d21a4e Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 11 Nov 2022 14:33:17 +0100 Subject: [PATCH 55/63] Bump PGPainless to 1.3.12 --- .../pgpainless/certificate_store/KeyMaterialReader.java | 9 +++++++-- version.gradle | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java index 112bf18..8ba3b9d 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java @@ -23,8 +23,13 @@ public class KeyMaterialReader implements KeyMaterialReaderBackend { try { keyMaterial = PGPainless.readKeyRing().keyRing(data); } catch (IOException e) { - if (e.getMessage().contains("unknown object in stream") || - e.getMessage().contains("unexpected end of file in armored stream.")) { + String msg = e.getMessage(); + if (msg == null) { + throw e; + } + if (msg.contains("unknown object in stream") || + msg.contains("unexpected end of file in armored stream.") || + msg.contains("invalid header encountered")) { throw new BadDataException(); } else { throw e; diff --git a/version.gradle b/version.gradle index 024bca2..4425a52 100644 --- a/version.gradle +++ b/version.gradle @@ -12,7 +12,7 @@ allprojects { logbackVersion = '1.2.11' junitVersion = '5.8.2' mockitoVersion = '4.5.1' - pgpainlessVersion = '1.3.5' + pgpainlessVersion = '1.3.12' pgpCertDJavaVersion = '0.2.1' picocliVersion = '4.6.3' } From 3ded66c3399ccb1cabcb55cfa79542cde5633220 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 11 Nov 2022 14:35:43 +0100 Subject: [PATCH 56/63] Update CHANGELOG --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 787c372..33dfca5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-PGPainless Changelog +# 0.2.1-SNAPSHOT +- Bump `pgpainless-core` to `1.3.12` + ## 0.2.0 - `get`: Apply `toLowerCase()` to fingerprints - Use BCs `PGPPublicKeyRing.join(first, second)` method to properly merge certificates From dd0a56147d3e3aaa645bddf322a970d2cca6e602 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 11 Nov 2022 14:37:47 +0100 Subject: [PATCH 57/63] Cert-D-PGPainless 0.2.1 --- CHANGELOG.md | 2 +- version.gradle | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 33dfca5..848e1df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-PGPainless Changelog -# 0.2.1-SNAPSHOT +# 0.2.1 - Bump `pgpainless-core` to `1.3.12` ## 0.2.0 diff --git a/version.gradle b/version.gradle index 4425a52..2d7355f 100644 --- a/version.gradle +++ b/version.gradle @@ -5,7 +5,7 @@ allprojects { ext { shortVersion = '0.2.1' - isSnapshot = true + isSnapshot = false minAndroidSdk = 10 javaSourceCompatibility = 1.8 slf4jVersion = '1.7.36' From 9c61b6353f1f813484be73cc23fed35315cda807 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 11 Nov 2022 14:49:58 +0100 Subject: [PATCH 58/63] Cert-D-PGPainless 0.2.2-SNAPSHOT --- version.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.gradle b/version.gradle index 2d7355f..4466a99 100644 --- a/version.gradle +++ b/version.gradle @@ -4,8 +4,8 @@ allprojects { ext { - shortVersion = '0.2.1' - isSnapshot = false + shortVersion = '0.2.2' + isSnapshot = true minAndroidSdk = 10 javaSourceCompatibility = 1.8 slf4jVersion = '1.7.36' From 3f4fddfa7b5047c753f8bde4596b4bf883144ceb Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 7 Jul 2023 12:09:47 +0200 Subject: [PATCH 59/63] Bump cert-d-java to 0.2.2 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index 4466a99..4c69907 100644 --- a/version.gradle +++ b/version.gradle @@ -13,7 +13,7 @@ allprojects { junitVersion = '5.8.2' mockitoVersion = '4.5.1' pgpainlessVersion = '1.3.12' - pgpCertDJavaVersion = '0.2.1' + pgpCertDJavaVersion = '0.2.2' picocliVersion = '4.6.3' } } From 5b44f91ffb809dc9891a2b2a07328eae79a8d65f Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 7 Jul 2023 12:10:18 +0200 Subject: [PATCH 60/63] Bump pgpainless-core to 1.5.6 --- .../src/main/java/pgp/cert_d/cli/commands/Import.java | 4 ---- version.gradle | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index 5306d24..9e92e9f 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -4,7 +4,6 @@ package pgp.cert_d.cli.commands; -import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.pgpainless.PGPainless; @@ -46,9 +45,6 @@ public class Import implements Runnable { } catch (BadDataException e) { LOGGER.error("Certificate contains bad data.", e); System.exit(-1); - } catch (PGPException e) { - LOGGER.error("PGP Exception.", e); - System.exit(-1); } } } diff --git a/version.gradle b/version.gradle index 4c69907..9d3c43f 100644 --- a/version.gradle +++ b/version.gradle @@ -12,7 +12,7 @@ allprojects { logbackVersion = '1.2.11' junitVersion = '5.8.2' mockitoVersion = '4.5.1' - pgpainlessVersion = '1.3.12' + pgpainlessVersion = '1.5.6' pgpCertDJavaVersion = '0.2.2' picocliVersion = '4.6.3' } From 4001e4d6c74959528f8322b0032a7d626d67decf Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 7 Jul 2023 12:10:57 +0200 Subject: [PATCH 61/63] Update changelog --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 848e1df..dd257fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,11 @@ SPDX-License-Identifier: CC0-1.0 # Cert-D-PGPainless Changelog -# 0.2.1 +## 0.2.2 +- Bump `pgpainless-core` to `1.5.6` +- Bump `cert-d-java` to `0.2.2` + +## 0.2.1 - Bump `pgpainless-core` to `1.3.12` ## 0.2.0 From 2050450c6e4dccddababa3b0e6eb5293392f1edc Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 7 Jul 2023 12:17:35 +0200 Subject: [PATCH 62/63] Cert-D-PGPainless 0.2.2 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index 9d3c43f..95ba3ce 100644 --- a/version.gradle +++ b/version.gradle @@ -5,7 +5,7 @@ allprojects { ext { shortVersion = '0.2.2' - isSnapshot = true + isSnapshot = false minAndroidSdk = 10 javaSourceCompatibility = 1.8 slf4jVersion = '1.7.36' From f061b076dc93e0728b0c3ac920754b899ad15e27 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 7 Jul 2023 12:19:47 +0200 Subject: [PATCH 63/63] Cert-D-PGPainless 0.2.3-SNAPSHOT --- version.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.gradle b/version.gradle index 95ba3ce..beeb5c3 100644 --- a/version.gradle +++ b/version.gradle @@ -4,8 +4,8 @@ allprojects { ext { - shortVersion = '0.2.2' - isSnapshot = false + shortVersion = '0.2.3' + isSnapshot = true minAndroidSdk = 10 javaSourceCompatibility = 1.8 slf4jVersion = '1.7.36'