Move and implement key-capable MergeCallbacks

Implement List command, adapt changes from cert-d-java
2025-09-09 10:19:48 +02:00 · 2022-08-12 15:43:22 +02:00 · 2022-08-12 15:04:54 +02:00
23 changed files with 326 additions and 168 deletions
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java
@ -1,122 +0,0 @@
 // SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 package pgp.cert_d.cli;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.pgpainless.PGPainless;
 import org.pgpainless.certificate_store.CertificateFactory;
 import org.pgpainless.key.OpenPgpFingerprint;
 import pgp.certificate.KeyMaterial;
 import pgp.certificate.KeyMaterialMerger;
 import java.io.IOException;
 import java.util.Iterator;
 public class MergeCallbacks {
    /**
     * Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one
     * combined certificate.
     *
     * @return merging callback
     */
    public static KeyMaterialMerger mergeCertificates() {
        return new KeyMaterialMerger() {
            @Override
            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException {
                try {
                    PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream());
                    PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream());
                    PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert);
                    printOutDifferences(existingCert, mergedCert);
                    return CertificateFactory.certificateFromPublicKeyRing(mergedCert);
                } catch (PGPException e) {
                    throw new RuntimeException(e);
                }
            }
            private void printOutDifferences(PGPPublicKeyRing existingCert, PGPPublicKeyRing mergedCert) {
                int numSigsBefore = countSigs(existingCert);
                int numSigsAfter = countSigs(mergedCert);
                int newSigs = numSigsAfter - numSigsBefore;
                int numUidsBefore = count(existingCert.getPublicKey().getUserIDs());
                int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs());
                int newUids = numUidsAfter - numUidsBefore;
                if (!existingCert.equals(mergedCert)) {
                    OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert);
                    StringBuilder sb = new StringBuilder();
                    sb.append(String.format("Certificate %s has", fingerprint));
                    if (newSigs != 0) {
                        sb.append(String.format(" %d new signatures", newSigs));
                    }
                    if (newUids != 0) {
                        if (newSigs != 0) {
                            sb.append(" and");
                        }
                        sb.append(String.format(" %d new UIDs", newUids));
                    }
                    if (newSigs == 0 && newUids == 0) {
                        sb.append(" changed");
                    }
                    // In this case it is okay to print to stdout, since we are a CLI app
                    // CHECKSTYLE:OFF
                    System.out.println(sb);
                    // CHECKSTYLE:ON
                }
            }
            private int countSigs(PGPPublicKeyRing keys) {
                int numSigs = 0;
                for (PGPPublicKey key : keys) {
                    numSigs += count(key.getSignatures());
                }
                return numSigs;
            }
            // TODO: Use CollectionUtils.count() once available
            private int count(Iterator<?> iterator) {
                int num = 0;
                while (iterator.hasNext()) {
                    iterator.next();
                    num++;
                }
                return num;
            }
        };
    }
    /**
     * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead
     * returns the first instance.
     *
     * @return overriding callback
     */
    public static KeyMaterialMerger overrideCertificate() {
        // noinspection Convert2Lambda
        return new KeyMaterialMerger() {
            @Override
            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
                return data;
            }
        };
    }
    public static KeyMaterialMerger overrideKey() {
        // noinspection Convert2Lambda
        return new KeyMaterialMerger() {
            @Override
            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
                return data;
            }
        };
    }
 }
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java
@ -6,13 +6,15 @@ package pgp.cert_d.cli;
 import org.pgpainless.certificate_store.PGPainlessCertD;
 import pgp.cert_d.BaseDirectoryProvider;
 import pgp.cert_d.exception.NotAStoreException;
 import pgp.cert_d.cli.commands.Export;
 import pgp.cert_d.cli.commands.Find;
 import pgp.cert_d.cli.commands.Get;
 import pgp.cert_d.cli.commands.Insert;
 import pgp.cert_d.cli.commands.Import;
 import pgp.cert_d.cli.commands.List;
 import pgp.cert_d.cli.commands.Setup;
 import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookupFactory;
 import pgp.certificate_store.exception.NotAStoreException;
 import picocli.CommandLine;
 import java.io.File;
@ -28,7 +30,8 @@ import java.sql.SQLException;
                Import.class,
                Get.class,
                Setup.class,
-                List.class
+                List.class,
                Find.class
        }
 )
 public class PGPCertDCli {
@ -53,7 +56,7 @@ public class PGPCertDCli {
            baseDirectory = BaseDirectoryProvider.getDefaultBaseDir();
        }
-        PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory);
+        PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory, new DatabaseSubkeyLookupFactory());
    }
    public static void main(String[] args) {
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java
@ -9,7 +9,7 @@ import org.bouncycastle.util.io.Streams;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
 import picocli.CommandLine;
 import java.io.IOException;
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java
@ -0,0 +1,57 @@
 // SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 package pgp.cert_d.cli.commands;
 import org.pgpainless.key.OpenPgpFingerprint;
 import pgp.cert_d.cli.PGPCertDCli;
 import picocli.CommandLine;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Set;
 import java.util.regex.Pattern;
@CommandLine.Command(name = "find",
        resourceBundle = "msg_find")
 public class Find implements Runnable {
    private static final Pattern LONG_KEY_ID = Pattern.compile("^[0-9A-Fa-f]{16}$");
    @CommandLine.Parameters(
            paramLabel = "IDENTIFIER",
            arity = "1")
    String identifier;
    @Override
    public void run() {
        if (identifier == null) {
            throw new IllegalArgumentException("No subkey ID provided.");
        }
        identifier = identifier.trim();
        long subkeyId = 0;
        try {
            OpenPgpFingerprint fingerprint = OpenPgpFingerprint.parse(identifier);
            subkeyId = fingerprint.getKeyId();
        } catch (IllegalArgumentException e) {
            if (!LONG_KEY_ID.matcher(identifier).matches()) {
                throw new IllegalArgumentException("Provided long key-id does not match expected format. " +
                        "A long key-id consists of 16 hexadecimal characters.");
            }
            subkeyId =  new BigInteger(identifier, 16).longValue();
        }
        try {
            Set<String> fingerprints = PGPCertDCli.getCertificateDirectory()
                    .getCertificateFingerprintsForSubkeyId(subkeyId);
            for (String fingerprint : fingerprints) {
                // CHECKSTYLE:OFF
                System.out.println(fingerprint);
                // CHECKSTYLE:ON
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
 }
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java
@ -4,14 +4,15 @@
 package pgp.cert_d.cli.commands;
 import org.bouncycastle.bcpg.ArmoredOutputStream;
 import org.bouncycastle.util.io.Streams;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import pgp.cert_d.exception.BadDataException;
 import pgp.cert_d.exception.BadNameException;
 import pgp.cert_d.SpecialNames;
 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterial;
 import pgp.certificate_store.exception.BadDataException;
 import pgp.certificate_store.exception.BadNameException;
 import picocli.CommandLine;
 import java.io.IOException;
@ -22,6 +23,9 @@ public class Get implements Runnable {
    private static final Logger LOGGER = LoggerFactory.getLogger(Get.class);
    @CommandLine.Option(names = {"-a", "--armor"})
    boolean armor = false;
    @CommandLine.Parameters(
            paramLabel = "IDENTIFIER",
            arity = "1"
@ -35,12 +39,20 @@ public class Get implements Runnable {
            if (SpecialNames.lookupSpecialName(identifer) != null) {
                record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifer);
            } else {
-                record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer);
+                record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer.toLowerCase());
            }
            if (record == null) {
                return;
            }
-            Streams.pipeAll(record.getInputStream(), System.out);
+
            if (armor) {
                ArmoredOutputStream armorOut = new ArmoredOutputStream(System.out);
                Streams.pipeAll(record.getInputStream(), armorOut);
                armorOut.close();
            } else {
                Streams.pipeAll(record.getInputStream(), System.out);
            }
        } catch (IOException e) {
            LOGGER.error("IO Error", e);
            System.exit(-1);
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java
@ -10,10 +10,10 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
 import org.pgpainless.PGPainless;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import pgp.cert_d.exception.BadDataException;
+import org.pgpainless.certificate_store.MergeCallbacks;
 import pgp.cert_d.cli.MergeCallbacks;
 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
 import pgp.certificate_store.exception.BadDataException;
 import picocli.CommandLine;
 import java.io.ByteArrayInputStream;
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java
@ -6,10 +6,10 @@ package pgp.cert_d.cli.commands;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import pgp.cert_d.exception.BadDataException;
+import org.pgpainless.certificate_store.MergeCallbacks;
 import pgp.cert_d.cli.MergeCallbacks;
 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
 import pgp.certificate_store.exception.BadDataException;
 import picocli.CommandLine;
 import java.io.IOException;
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java
@ -5,7 +5,7 @@
 package pgp.cert_d.cli.commands;
 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
 import picocli.CommandLine;
 import java.util.Iterator;
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java
@ -15,9 +15,9 @@ import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
 import org.pgpainless.util.Passphrase;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import pgp.cert_d.exception.BadDataException;
+import org.pgpainless.certificate_store.MergeCallbacks;
 import pgp.cert_d.cli.MergeCallbacks;
 import pgp.cert_d.cli.PGPCertDCli;
 import pgp.certificate_store.exception.BadDataException;
 import picocli.CommandLine;
 import java.io.ByteArrayInputStream;
--- a/pgpainless-cert-d-cli/src/main/resources/msg_export.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties
@ -2,6 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Export all certificates in the store to Standard Output
 armor=Wrap the output in ASCII armor
 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Usage:\u0020
--- a/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties
@ -2,6 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Exportiere alle gespeicherten Zertifikate zur Standardausgabe
 armor=Verpacke the Ausgabe in ASCII Armor
 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Aufruf:\u0020
--- a/pgpainless-cert-d-cli/src/main/resources/msg_find.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_find.properties
@ -0,0 +1,11 @@
 # SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
 #
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Lookup primary certificate fingerprints by subkey ids or fingerprints
 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Usage:\u0020
 usage.commandListHeading = %nCommands:%n
 usage.optionListHeading = %nOptions:%n
 usage.footerHeading=Powered by picocli%n
 store=Overwrite the default certificate directory path
--- a/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties
@ -0,0 +1,11 @@
 # SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
 #
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Schlage primäre Fingerabdrücke von Zertifikaten per ID oder Fingerabdruck von Unterschlüsseln nach
 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Aufruf:\u0020
 usage.commandListHeading=%nBefehle:%n
 usage.optionListHeading = %nOptionen:%n
 usage.footerHeading=Powered by Picocli%n
 store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
--- a/pgpainless-cert-d-cli/src/main/resources/msg_get.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties
@ -3,6 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Retrieve certificates from the store
 IDENTIFIER[0]=Certificate identifier (fingerprint or special name)
 armor=Wrap the output in ASCII armor
 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Usage:\u0020
--- a/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties
@ -3,6 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Frage Zertifikate aus dem Speicher ab
 IDENTIFIER[0]=Zertifikatskennung (Fingerabdruck oder Spezialname)
 armor=Verpacke the Ausgabe in ASCII Armor
 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Aufruf:\u0020
--- a/pgpainless-cert-d/build.gradle
+++ b/pgpainless-cert-d/build.gradle
@ -34,6 +34,7 @@ dependencies {
    // pgp.cert.d
    api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion"
    api "org.pgpainless:pgp-certificate-store:$pgpCertDJavaVersion"
 }
 animalsniffer {
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java
@ -8,16 +8,16 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.util.encoders.Base64;
 import org.pgpainless.key.OpenPgpFingerprint;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.HashSet;
+import java.util.ArrayList;
 import java.util.Iterator;
-import java.util.Set;
+import java.util.List;
 public class CertificateFactory {
@ -46,8 +46,8 @@ public class CertificateFactory {
            }
            @Override
-            public Set<Long> getSubkeyIds() throws IOException {
+            public List<Long> getSubkeyIds() throws IOException {
-                Set<Long> keyIds = new HashSet<>();
+                List<Long> keyIds = new ArrayList<>();
                Iterator<PGPPublicKey> keys = publicKeyRing.getPublicKeys();
                while (keys.hasNext()) {
                    keyIds.add(keys.next().getKeyID());
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java
@ -8,15 +8,15 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.util.encoders.Base64;
 import org.pgpainless.PGPainless;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
-import pgp.certificate.Key;
+import pgp.certificate_store.certificate.Key;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Set;
+import java.util.List;
 public class KeyFactory {
@ -52,7 +52,7 @@ public class KeyFactory {
            }
            @Override
-            public Set<Long> getSubkeyIds() throws IOException {
+            public List<Long> getSubkeyIds() throws IOException {
                return getCertificate().getSubkeyIds();
            }
        };
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java
@ -8,9 +8,9 @@ import org.bouncycastle.openpgp.PGPKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.pgpainless.PGPainless;
-import pgp.cert_d.exception.BadDataException;
+import pgp.certificate_store.certificate.KeyMaterial;
-import pgp.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
-import pgp.certificate.KeyMaterialReaderBackend;
+import pgp.certificate_store.exception.BadDataException;
 import java.io.IOException;
 import java.io.InputStream;
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java
@ -0,0 +1,173 @@
 // SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 package org.pgpainless.certificate_store;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.pgpainless.PGPainless;
 import org.pgpainless.key.OpenPgpFingerprint;
 import pgp.certificate_store.certificate.KeyMaterial;
 import pgp.certificate_store.certificate.KeyMaterialMerger;
 import pgp.certificate_store.exception.BadDataException;
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.Iterator;
 public class MergeCallbacks {
    /**
     * Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one
     * combined certificate.
     *
     * @return merging callback
     */
    public static KeyMaterialMerger mergeCertificates() {
        return new KeyMaterialMerger() {
            @Override
            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException {
                if (data == null) {
                    return existing;
                }
                if (existing == null) {
                    return data;
                }
                try {
                    PGPKeyRing existingKeyRing = PGPainless.readKeyRing().keyRing(existing.getInputStream());
                    PGPKeyRing updatedKeyRing = PGPainless.readKeyRing().keyRing(data.getInputStream());
                    PGPKeyRing mergedKeyRing;
                    if (existingKeyRing instanceof PGPPublicKeyRing) {
                        PGPPublicKeyRing existingCert = (PGPPublicKeyRing) existingKeyRing;
                        if (updatedKeyRing instanceof PGPPublicKeyRing) {
                            mergedKeyRing = PGPPublicKeyRing.join(existingCert, (PGPPublicKeyRing) updatedKeyRing);
                        } else if (updatedKeyRing instanceof PGPSecretKeyRing) {
                            PGPPublicKeyRing updatedPublicKeys = PGPainless.extractCertificate((PGPSecretKeyRing) updatedKeyRing);
                            PGPPublicKeyRing mergedPublicKeys = PGPPublicKeyRing.join(existingCert, updatedPublicKeys);
                            updatedKeyRing = PGPSecretKeyRing.replacePublicKeys((PGPSecretKeyRing) updatedKeyRing, mergedPublicKeys);
                            mergedKeyRing = updatedKeyRing;
                        } else {
                            throw new IOException(new BadDataException());
                        }
                    } else if (existingKeyRing instanceof PGPSecretKeyRing) {
                        PGPSecretKeyRing existingKey = (PGPSecretKeyRing) existingKeyRing;
                        PGPPublicKeyRing existingCert = PGPainless.extractCertificate(existingKey);
                        if (updatedKeyRing instanceof PGPPublicKeyRing) {
                            PGPPublicKeyRing updatedCert = (PGPPublicKeyRing) updatedKeyRing;
                            PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert);
                            mergedKeyRing = PGPSecretKeyRing.replacePublicKeys(existingKey, mergedCert);
                        } else if (updatedKeyRing instanceof PGPSecretKeyRing) {
                            PGPSecretKeyRing updatedKey = (PGPSecretKeyRing) updatedKeyRing;
                            if (!Arrays.equals(existingKey.getEncoded(), updatedKey.getEncoded())) {
                                // Merging secret keys is not supported.
                                return existing;
                            }
                            mergedKeyRing = existingKeyRing;
                        } else {
                            throw new IOException(new BadDataException());
                        }
                    } else {
                        throw new IOException(new BadDataException());
                    }
                    printOutDifferences(existingKeyRing, mergedKeyRing);
                    if (mergedKeyRing instanceof PGPPublicKeyRing) {
                        return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing);
                    } else {
                        return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing);
                    }
                } catch (PGPException e) {
                    throw new RuntimeException(e);
                }
            }
            private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) {
                int numSigsBefore = countSigs(existingCert);
                int numSigsAfter = countSigs(mergedCert);
                int newSigs = numSigsAfter - numSigsBefore;
                int numUidsBefore = count(existingCert.getPublicKey().getUserIDs());
                int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs());
                int newUids = numUidsAfter - numUidsBefore;
                if (!existingCert.equals(mergedCert)) {
                    OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert);
                    StringBuilder sb = new StringBuilder();
                    sb.append(String.format("Certificate %s has", fingerprint));
                    if (newSigs != 0) {
                        sb.append(String.format(" %d new signatures", newSigs));
                    }
                    if (newUids != 0) {
                        if (newSigs != 0) {
                            sb.append(" and");
                        }
                        sb.append(String.format(" %d new UIDs", newUids));
                    }
                    if (newSigs == 0 && newUids == 0) {
                        sb.append(" changed");
                    }
                    // In this case it is okay to print to stdout, since we are a CLI app
                    // CHECKSTYLE:OFF
                    System.out.println(sb);
                    // CHECKSTYLE:ON
                }
            }
            private int countSigs(PGPKeyRing keys) {
                int numSigs = 0;
                Iterator<PGPPublicKey> iterator = keys.getPublicKeys();
                while (iterator.hasNext()) {
                    PGPPublicKey key = iterator.next();
                    numSigs += count(key.getSignatures());
                }
                return numSigs;
            }
            // TODO: Use CollectionUtils.count() once available
            private int count(Iterator<?> iterator) {
                int num = 0;
                while (iterator.hasNext()) {
                    iterator.next();
                    num++;
                }
                return num;
            }
        };
    }
    /**
     * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead
     * returns the first instance.
     *
     * @return overriding callback
     */
    public static KeyMaterialMerger overrideCertificate() {
        // noinspection Convert2Lambda
        return new KeyMaterialMerger() {
            @Override
            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
                return data;
            }
        };
    }
    public static KeyMaterialMerger overrideKey() {
        // noinspection Convert2Lambda
        return new KeyMaterialMerger() {
            @Override
            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
                return data;
            }
        };
    }
 }
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java
@ -7,8 +7,11 @@ package org.pgpainless.certificate_store;
 import pgp.cert_d.BaseDirectoryProvider;
 import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend;
 import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend;
 import pgp.cert_d.exception.NotAStoreException;
 import pgp.cert_d.PGPCertificateDirectory;
 import pgp.cert_d.subkey_lookup.InMemorySubkeyLookup;
 import pgp.cert_d.subkey_lookup.SubkeyLookup;
 import pgp.cert_d.subkey_lookup.SubkeyLookupFactory;
 import pgp.certificate_store.exception.NotAStoreException;
 import java.io.File;
@ -16,21 +19,25 @@ public class PGPainlessCertD extends PGPCertificateDirectory {
    private static final KeyMaterialReader keyMaterialReader = new KeyMaterialReader();
-    public PGPainlessCertD(Backend backend) {
+    public PGPainlessCertD(Backend backend, SubkeyLookup subkeyLookup) {
-        super(backend);
+        super(backend, subkeyLookup);
    }
    public static PGPainlessCertD inMemory() {
        Backend backend = new InMemoryCertificateDirectoryBackend(keyMaterialReader);
-        return new PGPainlessCertD(backend);
+        SubkeyLookup subkeyLookup = new InMemorySubkeyLookup();
        return new PGPainlessCertD(backend, subkeyLookup);
    }
-    public static PGPainlessCertD fileBased() throws NotAStoreException {
+    public static PGPainlessCertD fileBased(SubkeyLookupFactory subkeyLookupFactory)
-        return fileBased(BaseDirectoryProvider.getDefaultBaseDir());
+            throws NotAStoreException {
        return fileBased(BaseDirectoryProvider.getDefaultBaseDir(), subkeyLookupFactory);
    }
-    public static PGPainlessCertD fileBased(File baseDirectory) throws NotAStoreException {
+    public static PGPainlessCertD fileBased(File baseDirectory, SubkeyLookupFactory subkeyLookupFactory)
            throws NotAStoreException {
        Backend backend = new FileBasedCertificateDirectoryBackend(baseDirectory, keyMaterialReader);
-        return new PGPainlessCertD(backend);
+        SubkeyLookup subkeyLookup = subkeyLookupFactory.createFileBasedInstance(baseDirectory);
        return new PGPainlessCertD(backend, subkeyLookup);
    }
 }
--- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java
+++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java
@ -36,12 +36,13 @@ import org.pgpainless.key.OpenPgpFingerprint;
 import org.pgpainless.key.generation.KeySpec;
 import org.pgpainless.key.generation.type.KeyType;
 import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
-import pgp.cert_d.exception.BadDataException;
+import pgp.cert_d.subkey_lookup.InMemorySubkeyLookupFactory;
-import pgp.cert_d.exception.BadNameException;
+import pgp.certificate_store.certificate.Certificate;
-import pgp.cert_d.exception.NotAStoreException;
+import pgp.certificate_store.certificate.KeyMaterial;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.KeyMaterialMerger;
-import pgp.certificate.KeyMaterial;
+import pgp.certificate_store.exception.BadDataException;
-import pgp.certificate.KeyMaterialMerger;
+import pgp.certificate_store.exception.BadNameException;
 import pgp.certificate_store.exception.NotAStoreException;
 public class SharedPGPCertificateDirectoryTest {
@ -54,7 +55,7 @@ public class SharedPGPCertificateDirectoryTest {
    private static Stream<PGPainlessCertD> provideTestSubjects() throws IOException, NotAStoreException {
        return Stream.of(
-                PGPainlessCertD.fileBased(tempDir()));
+                PGPainlessCertD.fileBased(tempDir(), new InMemorySubkeyLookupFactory()));
    }
    private static File tempDir() throws IOException {
--- a/version.gradle
+++ b/version.gradle
@ -12,7 +12,7 @@ allprojects {
        logbackVersion = '1.2.11'
        junitVersion = '5.8.2'
        mockitoVersion = '4.5.1'
-        pgpainlessVersion = '1.3.5-SNAPSHOT'
+        pgpainlessVersion = '1.3.5'
        pgpCertDJavaVersion = '0.1.2-SNAPSHOT'
        picocliVersion = '4.6.3'
    }
Author	SHA1	Message	Date
Paul Schaub	7b6162682e	Move and implement key-capable MergeCallbacks	2022-08-12 15:43:22 +02:00
Paul Schaub	7a02ec865b	Implement List command, adapt changes from cert-d-java	2022-08-12 15:04:54 +02:00