diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java new file mode 100644 index 0000000..aba0342 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java @@ -0,0 +1,122 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKey; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.pgpainless.PGPainless; +import org.pgpainless.certificate_store.CertificateFactory; +import org.pgpainless.key.OpenPgpFingerprint; +import pgp.certificate.KeyMaterial; +import pgp.certificate.KeyMaterialMerger; + +import java.io.IOException; +import java.util.Iterator; + +public class MergeCallbacks { + + /** + * Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one + * combined certificate. + * + * @return merging callback + */ + public static KeyMaterialMerger mergeCertificates() { + return new KeyMaterialMerger() { + + @Override + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException { + try { + PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream()); + PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream()); + PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); + + printOutDifferences(existingCert, mergedCert); + + return CertificateFactory.certificateFromPublicKeyRing(mergedCert); + } catch (PGPException e) { + throw new RuntimeException(e); + } + } + + private void printOutDifferences(PGPPublicKeyRing existingCert, PGPPublicKeyRing mergedCert) { + int numSigsBefore = countSigs(existingCert); + int numSigsAfter = countSigs(mergedCert); + int newSigs = numSigsAfter - numSigsBefore; + int numUidsBefore = count(existingCert.getPublicKey().getUserIDs()); + int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs()); + int newUids = numUidsAfter - numUidsBefore; + + if (!existingCert.equals(mergedCert)) { + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert); + StringBuilder sb = new StringBuilder(); + sb.append(String.format("Certificate %s has", fingerprint)); + if (newSigs != 0) { + sb.append(String.format(" %d new signatures", newSigs)); + } + if (newUids != 0) { + if (newSigs != 0) { + sb.append(" and"); + } + sb.append(String.format(" %d new UIDs", newUids)); + } + if (newSigs == 0 && newUids == 0) { + sb.append(" changed"); + } + + // In this case it is okay to print to stdout, since we are a CLI app + // CHECKSTYLE:OFF + System.out.println(sb); + // CHECKSTYLE:ON + } + } + + private int countSigs(PGPPublicKeyRing keys) { + int numSigs = 0; + for (PGPPublicKey key : keys) { + numSigs += count(key.getSignatures()); + } + return numSigs; + } + + // TODO: Use CollectionUtils.count() once available + private int count(Iterator iterator) { + int num = 0; + while (iterator.hasNext()) { + iterator.next(); + num++; + } + return num; + } + }; + } + + /** + * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead + * returns the first instance. + * + * @return overriding callback + */ + public static KeyMaterialMerger overrideCertificate() { + // noinspection Convert2Lambda + return new KeyMaterialMerger() { + @Override + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { + return data; + } + }; + } + + public static KeyMaterialMerger overrideKey() { + // noinspection Convert2Lambda + return new KeyMaterialMerger() { + @Override + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { + return data; + } + }; + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index 501d6ca..ff36878 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -6,15 +6,13 @@ package pgp.cert_d.cli; import org.pgpainless.certificate_store.PGPainlessCertD; import pgp.cert_d.BaseDirectoryProvider; +import pgp.cert_d.exception.NotAStoreException; import pgp.cert_d.cli.commands.Export; -import pgp.cert_d.cli.commands.Find; import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Insert; import pgp.cert_d.cli.commands.Import; import pgp.cert_d.cli.commands.List; import pgp.cert_d.cli.commands.Setup; -import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookupFactory; -import pgp.certificate_store.exception.NotAStoreException; import picocli.CommandLine; import java.io.File; @@ -30,8 +28,7 @@ import java.sql.SQLException; Import.class, Get.class, Setup.class, - List.class, - Find.class + List.class } ) public class PGPCertDCli { @@ -56,7 +53,7 @@ public class PGPCertDCli { baseDirectory = BaseDirectoryProvider.getDefaultBaseDir(); } - PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory, new DatabaseSubkeyLookupFactory()); + PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory); } public static void main(String[] args) { diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java index 4bfc24f..7e06e58 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java @@ -9,7 +9,7 @@ import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.certificate.Certificate; +import pgp.certificate.Certificate; import picocli.CommandLine; import java.io.IOException; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java deleted file mode 100644 index 445a347..0000000 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java +++ /dev/null @@ -1,57 +0,0 @@ -// SPDX-FileCopyrightText: 2022 Paul Schaub -// -// SPDX-License-Identifier: Apache-2.0 - -package pgp.cert_d.cli.commands; - -import org.pgpainless.key.OpenPgpFingerprint; -import pgp.cert_d.cli.PGPCertDCli; -import picocli.CommandLine; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Set; -import java.util.regex.Pattern; - -@CommandLine.Command(name = "find", - resourceBundle = "msg_find") -public class Find implements Runnable { - - private static final Pattern LONG_KEY_ID = Pattern.compile("^[0-9A-Fa-f]{16}$"); - - @CommandLine.Parameters( - paramLabel = "IDENTIFIER", - arity = "1") - String identifier; - - @Override - public void run() { - if (identifier == null) { - throw new IllegalArgumentException("No subkey ID provided."); - } - identifier = identifier.trim(); - long subkeyId = 0; - try { - OpenPgpFingerprint fingerprint = OpenPgpFingerprint.parse(identifier); - subkeyId = fingerprint.getKeyId(); - } catch (IllegalArgumentException e) { - if (!LONG_KEY_ID.matcher(identifier).matches()) { - throw new IllegalArgumentException("Provided long key-id does not match expected format. " + - "A long key-id consists of 16 hexadecimal characters."); - } - subkeyId = new BigInteger(identifier, 16).longValue(); - } - - try { - Set fingerprints = PGPCertDCli.getCertificateDirectory() - .getCertificateFingerprintsForSubkeyId(subkeyId); - for (String fingerprint : fingerprints) { - // CHECKSTYLE:OFF - System.out.println(fingerprint); - // CHECKSTYLE:ON - } - } catch (IOException e) { - throw new RuntimeException(e); - } - } -} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index 96c2b76..3f303c7 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -4,15 +4,14 @@ package pgp.cert_d.cli.commands; -import org.bouncycastle.bcpg.ArmoredOutputStream; import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import pgp.cert_d.exception.BadDataException; +import pgp.cert_d.exception.BadNameException; import pgp.cert_d.SpecialNames; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.certificate.KeyMaterial; -import pgp.certificate_store.exception.BadDataException; -import pgp.certificate_store.exception.BadNameException; +import pgp.certificate.KeyMaterial; import picocli.CommandLine; import java.io.IOException; @@ -23,9 +22,6 @@ public class Get implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); - @CommandLine.Option(names = {"-a", "--armor"}) - boolean armor = false; - @CommandLine.Parameters( paramLabel = "IDENTIFIER", arity = "1" @@ -39,20 +35,12 @@ public class Get implements Runnable { if (SpecialNames.lookupSpecialName(identifer) != null) { record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifer); } else { - record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer.toLowerCase()); + record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer); } if (record == null) { return; } - - if (armor) { - ArmoredOutputStream armorOut = new ArmoredOutputStream(System.out); - Streams.pipeAll(record.getInputStream(), armorOut); - armorOut.close(); - } else { - Streams.pipeAll(record.getInputStream(), System.out); - } - + Streams.pipeAll(record.getInputStream(), System.out); } catch (IOException e) { LOGGER.error("IO Error", e); System.exit(-1); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index d7d29fb..2f35cc7 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -10,10 +10,10 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.pgpainless.PGPainless; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.pgpainless.certificate_store.MergeCallbacks; +import pgp.cert_d.exception.BadDataException; +import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.certificate.Certificate; -import pgp.certificate_store.exception.BadDataException; +import pgp.certificate.Certificate; import picocli.CommandLine; import java.io.ByteArrayInputStream; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index c88ead0..25a2116 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -6,10 +6,10 @@ package pgp.cert_d.cli.commands; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.pgpainless.certificate_store.MergeCallbacks; +import pgp.cert_d.exception.BadDataException; +import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.certificate.Certificate; -import pgp.certificate_store.exception.BadDataException; +import pgp.certificate.Certificate; import picocli.CommandLine; import java.io.IOException; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java index 2ce37a0..cedf1ff 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java @@ -5,7 +5,7 @@ package pgp.cert_d.cli.commands; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.certificate.Certificate; +import pgp.certificate.Certificate; import picocli.CommandLine; import java.util.Iterator; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java index 0178e0a..3f2d2d9 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -15,9 +15,9 @@ import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.util.Passphrase; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.pgpainless.certificate_store.MergeCallbacks; +import pgp.cert_d.exception.BadDataException; +import pgp.cert_d.cli.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; import java.io.ByteArrayInputStream; diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_export.properties b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties index 2798b4f..8d6b59a 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_export.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties @@ -2,7 +2,6 @@ # # SPDX-License-Identifier: Apache-2.0 usage.header=Export all certificates in the store to Standard Output -armor=Wrap the output in ASCII armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Usage:\u0020 diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties index a078ca4..2a7a2e1 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties @@ -2,7 +2,6 @@ # # SPDX-License-Identifier: Apache-2.0 usage.header=Exportiere alle gespeicherten Zertifikate zur Standardausgabe -armor=Verpacke the Ausgabe in ASCII Armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Aufruf:\u0020 diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_find.properties b/pgpainless-cert-d-cli/src/main/resources/msg_find.properties deleted file mode 100644 index d2dd833..0000000 --- a/pgpainless-cert-d-cli/src/main/resources/msg_find.properties +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-FileCopyrightText: 2022 Paul Schaub -# -# SPDX-License-Identifier: Apache-2.0 -usage.header=Lookup primary certificate fingerprints by subkey ids or fingerprints - -# Generic TODO: Remove when bumping picocli to 4.7.0 -usage.synopsisHeading=Usage:\u0020 -usage.commandListHeading = %nCommands:%n -usage.optionListHeading = %nOptions:%n -usage.footerHeading=Powered by picocli%n -store=Overwrite the default certificate directory path diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties deleted file mode 100644 index 9fe69df..0000000 --- a/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-FileCopyrightText: 2022 Paul Schaub -# -# SPDX-License-Identifier: Apache-2.0 -usage.header=Schlage primäre Fingerabdrücke von Zertifikaten per ID oder Fingerabdruck von Unterschlüsseln nach - -# Generic TODO: Remove when bumping picocli to 4.7.0 -usage.synopsisHeading=Aufruf:\u0020 -usage.commandListHeading=%nBefehle:%n -usage.optionListHeading = %nOptionen:%n -usage.footerHeading=Powered by Picocli%n -store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_get.properties b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties index a031d99..5e04944 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_get.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties @@ -3,7 +3,6 @@ # SPDX-License-Identifier: Apache-2.0 usage.header=Retrieve certificates from the store IDENTIFIER[0]=Certificate identifier (fingerprint or special name) -armor=Wrap the output in ASCII armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Usage:\u0020 diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties index b0f82b1..36fd12b 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties @@ -3,7 +3,6 @@ # SPDX-License-Identifier: Apache-2.0 usage.header=Frage Zertifikate aus dem Speicher ab IDENTIFIER[0]=Zertifikatskennung (Fingerabdruck oder Spezialname) -armor=Verpacke the Ausgabe in ASCII Armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Aufruf:\u0020 diff --git a/pgpainless-cert-d/build.gradle b/pgpainless-cert-d/build.gradle index ed891ec..bba6ebf 100644 --- a/pgpainless-cert-d/build.gradle +++ b/pgpainless-cert-d/build.gradle @@ -34,7 +34,6 @@ dependencies { // pgp.cert.d api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion" - api "org.pgpainless:pgp-certificate-store:$pgpCertDJavaVersion" } animalsniffer { diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java index 8fe8919..1757491 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java @@ -8,16 +8,16 @@ import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.util.encoders.Base64; import org.pgpainless.key.OpenPgpFingerprint; -import pgp.certificate_store.certificate.Certificate; +import pgp.certificate.Certificate; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; +import java.util.HashSet; import java.util.Iterator; -import java.util.List; +import java.util.Set; public class CertificateFactory { @@ -46,8 +46,8 @@ public class CertificateFactory { } @Override - public List getSubkeyIds() throws IOException { - List keyIds = new ArrayList<>(); + public Set getSubkeyIds() throws IOException { + Set keyIds = new HashSet<>(); Iterator keys = publicKeyRing.getPublicKeys(); while (keys.hasNext()) { keyIds.add(keys.next().getKeyID()); diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java index 18cc66e..d71777b 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java @@ -8,15 +8,15 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.util.encoders.Base64; import org.pgpainless.PGPainless; -import pgp.certificate_store.certificate.Certificate; -import pgp.certificate_store.certificate.Key; +import pgp.certificate.Certificate; +import pgp.certificate.Key; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.util.List; +import java.util.Set; public class KeyFactory { @@ -52,7 +52,7 @@ public class KeyFactory { } @Override - public List getSubkeyIds() throws IOException { + public Set getSubkeyIds() throws IOException { return getCertificate().getSubkeyIds(); } }; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java index 34ef5a5..b102937 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java @@ -8,9 +8,9 @@ import org.bouncycastle.openpgp.PGPKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.pgpainless.PGPainless; -import pgp.certificate_store.certificate.KeyMaterial; -import pgp.certificate_store.certificate.KeyMaterialReaderBackend; -import pgp.certificate_store.exception.BadDataException; +import pgp.cert_d.exception.BadDataException; +import pgp.certificate.KeyMaterial; +import pgp.certificate.KeyMaterialReaderBackend; import java.io.IOException; import java.io.InputStream; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java deleted file mode 100644 index 242ed49..0000000 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java +++ /dev/null @@ -1,173 +0,0 @@ -// SPDX-FileCopyrightText: 2022 Paul Schaub -// -// SPDX-License-Identifier: Apache-2.0 - -package org.pgpainless.certificate_store; - -import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPKeyRing; -import org.bouncycastle.openpgp.PGPPublicKey; -import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.pgpainless.PGPainless; -import org.pgpainless.key.OpenPgpFingerprint; -import pgp.certificate_store.certificate.KeyMaterial; -import pgp.certificate_store.certificate.KeyMaterialMerger; -import pgp.certificate_store.exception.BadDataException; - -import java.io.IOException; -import java.util.Arrays; -import java.util.Iterator; - -public class MergeCallbacks { - - /** - * Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one - * combined certificate. - * - * @return merging callback - */ - public static KeyMaterialMerger mergeCertificates() { - return new KeyMaterialMerger() { - - @Override - public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException { - if (data == null) { - return existing; - } - if (existing == null) { - return data; - } - - try { - PGPKeyRing existingKeyRing = PGPainless.readKeyRing().keyRing(existing.getInputStream()); - PGPKeyRing updatedKeyRing = PGPainless.readKeyRing().keyRing(data.getInputStream()); - - PGPKeyRing mergedKeyRing; - - if (existingKeyRing instanceof PGPPublicKeyRing) { - PGPPublicKeyRing existingCert = (PGPPublicKeyRing) existingKeyRing; - if (updatedKeyRing instanceof PGPPublicKeyRing) { - mergedKeyRing = PGPPublicKeyRing.join(existingCert, (PGPPublicKeyRing) updatedKeyRing); - } else if (updatedKeyRing instanceof PGPSecretKeyRing) { - PGPPublicKeyRing updatedPublicKeys = PGPainless.extractCertificate((PGPSecretKeyRing) updatedKeyRing); - PGPPublicKeyRing mergedPublicKeys = PGPPublicKeyRing.join(existingCert, updatedPublicKeys); - updatedKeyRing = PGPSecretKeyRing.replacePublicKeys((PGPSecretKeyRing) updatedKeyRing, mergedPublicKeys); - mergedKeyRing = updatedKeyRing; - } else { - throw new IOException(new BadDataException()); - } - } else if (existingKeyRing instanceof PGPSecretKeyRing) { - PGPSecretKeyRing existingKey = (PGPSecretKeyRing) existingKeyRing; - PGPPublicKeyRing existingCert = PGPainless.extractCertificate(existingKey); - if (updatedKeyRing instanceof PGPPublicKeyRing) { - PGPPublicKeyRing updatedCert = (PGPPublicKeyRing) updatedKeyRing; - PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); - mergedKeyRing = PGPSecretKeyRing.replacePublicKeys(existingKey, mergedCert); - } else if (updatedKeyRing instanceof PGPSecretKeyRing) { - PGPSecretKeyRing updatedKey = (PGPSecretKeyRing) updatedKeyRing; - if (!Arrays.equals(existingKey.getEncoded(), updatedKey.getEncoded())) { - // Merging secret keys is not supported. - return existing; - } - mergedKeyRing = existingKeyRing; - } else { - throw new IOException(new BadDataException()); - } - } else { - throw new IOException(new BadDataException()); - } - - printOutDifferences(existingKeyRing, mergedKeyRing); - - if (mergedKeyRing instanceof PGPPublicKeyRing) { - return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing); - } else { - return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing); - } - - } catch (PGPException e) { - throw new RuntimeException(e); - } - } - - private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) { - int numSigsBefore = countSigs(existingCert); - int numSigsAfter = countSigs(mergedCert); - int newSigs = numSigsAfter - numSigsBefore; - int numUidsBefore = count(existingCert.getPublicKey().getUserIDs()); - int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs()); - int newUids = numUidsAfter - numUidsBefore; - - if (!existingCert.equals(mergedCert)) { - OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert); - StringBuilder sb = new StringBuilder(); - sb.append(String.format("Certificate %s has", fingerprint)); - if (newSigs != 0) { - sb.append(String.format(" %d new signatures", newSigs)); - } - if (newUids != 0) { - if (newSigs != 0) { - sb.append(" and"); - } - sb.append(String.format(" %d new UIDs", newUids)); - } - if (newSigs == 0 && newUids == 0) { - sb.append(" changed"); - } - - // In this case it is okay to print to stdout, since we are a CLI app - // CHECKSTYLE:OFF - System.out.println(sb); - // CHECKSTYLE:ON - } - } - - private int countSigs(PGPKeyRing keys) { - int numSigs = 0; - Iterator iterator = keys.getPublicKeys(); - while (iterator.hasNext()) { - PGPPublicKey key = iterator.next(); - numSigs += count(key.getSignatures()); - } - return numSigs; - } - - // TODO: Use CollectionUtils.count() once available - private int count(Iterator iterator) { - int num = 0; - while (iterator.hasNext()) { - iterator.next(); - num++; - } - return num; - } - }; - } - - /** - * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead - * returns the first instance. - * - * @return overriding callback - */ - public static KeyMaterialMerger overrideCertificate() { - // noinspection Convert2Lambda - return new KeyMaterialMerger() { - @Override - public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { - return data; - } - }; - } - - public static KeyMaterialMerger overrideKey() { - // noinspection Convert2Lambda - return new KeyMaterialMerger() { - @Override - public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { - return data; - } - }; - } -} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java index a322301..547e535 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java @@ -7,11 +7,8 @@ package org.pgpainless.certificate_store; import pgp.cert_d.BaseDirectoryProvider; import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend; import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend; +import pgp.cert_d.exception.NotAStoreException; import pgp.cert_d.PGPCertificateDirectory; -import pgp.cert_d.subkey_lookup.InMemorySubkeyLookup; -import pgp.cert_d.subkey_lookup.SubkeyLookup; -import pgp.cert_d.subkey_lookup.SubkeyLookupFactory; -import pgp.certificate_store.exception.NotAStoreException; import java.io.File; @@ -19,25 +16,21 @@ public class PGPainlessCertD extends PGPCertificateDirectory { private static final KeyMaterialReader keyMaterialReader = new KeyMaterialReader(); - public PGPainlessCertD(Backend backend, SubkeyLookup subkeyLookup) { - super(backend, subkeyLookup); + public PGPainlessCertD(Backend backend) { + super(backend); } public static PGPainlessCertD inMemory() { Backend backend = new InMemoryCertificateDirectoryBackend(keyMaterialReader); - SubkeyLookup subkeyLookup = new InMemorySubkeyLookup(); - return new PGPainlessCertD(backend, subkeyLookup); + return new PGPainlessCertD(backend); } - public static PGPainlessCertD fileBased(SubkeyLookupFactory subkeyLookupFactory) - throws NotAStoreException { - return fileBased(BaseDirectoryProvider.getDefaultBaseDir(), subkeyLookupFactory); + public static PGPainlessCertD fileBased() throws NotAStoreException { + return fileBased(BaseDirectoryProvider.getDefaultBaseDir()); } - public static PGPainlessCertD fileBased(File baseDirectory, SubkeyLookupFactory subkeyLookupFactory) - throws NotAStoreException { + public static PGPainlessCertD fileBased(File baseDirectory) throws NotAStoreException { Backend backend = new FileBasedCertificateDirectoryBackend(baseDirectory, keyMaterialReader); - SubkeyLookup subkeyLookup = subkeyLookupFactory.createFileBasedInstance(baseDirectory); - return new PGPainlessCertD(backend, subkeyLookup); + return new PGPainlessCertD(backend); } } diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java index 7b2521b..69386bc 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java @@ -36,13 +36,12 @@ import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.eddsa.EdDSACurve; -import pgp.cert_d.subkey_lookup.InMemorySubkeyLookupFactory; -import pgp.certificate_store.certificate.Certificate; -import pgp.certificate_store.certificate.KeyMaterial; -import pgp.certificate_store.certificate.KeyMaterialMerger; -import pgp.certificate_store.exception.BadDataException; -import pgp.certificate_store.exception.BadNameException; -import pgp.certificate_store.exception.NotAStoreException; +import pgp.cert_d.exception.BadDataException; +import pgp.cert_d.exception.BadNameException; +import pgp.cert_d.exception.NotAStoreException; +import pgp.certificate.Certificate; +import pgp.certificate.KeyMaterial; +import pgp.certificate.KeyMaterialMerger; public class SharedPGPCertificateDirectoryTest { @@ -55,7 +54,7 @@ public class SharedPGPCertificateDirectoryTest { private static Stream provideTestSubjects() throws IOException, NotAStoreException { return Stream.of( - PGPainlessCertD.fileBased(tempDir(), new InMemorySubkeyLookupFactory())); + PGPainlessCertD.fileBased(tempDir())); } private static File tempDir() throws IOException { diff --git a/version.gradle b/version.gradle index 45efb59..90264e0 100644 --- a/version.gradle +++ b/version.gradle @@ -12,7 +12,7 @@ allprojects { logbackVersion = '1.2.11' junitVersion = '5.8.2' mockitoVersion = '4.5.1' - pgpainlessVersion = '1.3.5' + pgpainlessVersion = '1.3.5-SNAPSHOT' pgpCertDJavaVersion = '0.1.2-SNAPSHOT' picocliVersion = '4.6.3' }