Move and implement key-capable MergeCallbacks

Implement List command, adapt changes from cert-d-java
2025-09-09 10:19:48 +02:00 · 2022-08-12 15:43:22 +02:00 · 2022-08-12 15:04:54 +02:00
23 changed files with 326 additions and 168 deletions
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java
@ -1,122 +0,0 @@
-// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
-//
-// SPDX-License-Identifier: Apache-2.0
-
-package pgp.cert_d.cli;
-
-import org.bouncycastle.openpgp.PGPException;
-import org.bouncycastle.openpgp.PGPPublicKey;
-import org.bouncycastle.openpgp.PGPPublicKeyRing;
-import org.pgpainless.PGPainless;
-import org.pgpainless.certificate_store.CertificateFactory;
-import org.pgpainless.key.OpenPgpFingerprint;
-import pgp.certificate.KeyMaterial;
-import pgp.certificate.KeyMaterialMerger;
-
-import java.io.IOException;
-import java.util.Iterator;
-
-public class MergeCallbacks {
-
-    /**
-     * Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one
-     * combined certificate.
-     *
-     * @return merging callback
-     */
-    public static KeyMaterialMerger mergeCertificates() {
-        return new KeyMaterialMerger() {
-
-            @Override
-            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException {
-                try {
-                    PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream());
-                    PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream());
-                    PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert);
-
-                    printOutDifferences(existingCert, mergedCert);
-
-                    return CertificateFactory.certificateFromPublicKeyRing(mergedCert);
-                } catch (PGPException e) {
-                    throw new RuntimeException(e);
-                }
-            }
-
-            private void printOutDifferences(PGPPublicKeyRing existingCert, PGPPublicKeyRing mergedCert) {
-                int numSigsBefore = countSigs(existingCert);
-                int numSigsAfter = countSigs(mergedCert);
-                int newSigs = numSigsAfter - numSigsBefore;
-                int numUidsBefore = count(existingCert.getPublicKey().getUserIDs());
-                int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs());
-                int newUids = numUidsAfter - numUidsBefore;
-
-                if (!existingCert.equals(mergedCert)) {
-                    OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert);
-                    StringBuilder sb = new StringBuilder();
-                    sb.append(String.format("Certificate %s has", fingerprint));
-                    if (newSigs != 0) {
-                        sb.append(String.format(" %d new signatures", newSigs));
-                    }
-                    if (newUids != 0) {
-                        if (newSigs != 0) {
-                            sb.append(" and");
-                        }
-                        sb.append(String.format(" %d new UIDs", newUids));
-                    }
-                    if (newSigs == 0 && newUids == 0) {
-                        sb.append(" changed");
-                    }
-
-                    // In this case it is okay to print to stdout, since we are a CLI app
-                    // CHECKSTYLE:OFF
-                    System.out.println(sb);
-                    // CHECKSTYLE:ON
-                }
-            }
-
-            private int countSigs(PGPPublicKeyRing keys) {
-                int numSigs = 0;
-                for (PGPPublicKey key : keys) {
-                    numSigs += count(key.getSignatures());
-                }
-                return numSigs;
-            }
-
-            // TODO: Use CollectionUtils.count() once available
-            private int count(Iterator<?> iterator) {
-                int num = 0;
-                while (iterator.hasNext()) {
-                    iterator.next();
-                    num++;
-                }
-                return num;
-            }
-        };
-    }
-
-    /**
-     * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead
-     * returns the first instance.
-     *
-     * @return overriding callback
-     */
-    public static KeyMaterialMerger overrideCertificate() {
-        // noinspection Convert2Lambda
-        return new KeyMaterialMerger() {
-            @Override
-            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
-                return data;
-            }
-        };
-    }
-
-    public static KeyMaterialMerger overrideKey() {
-        // noinspection Convert2Lambda
-        return new KeyMaterialMerger() {
-            @Override
-            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
-                return data;
-            }
-        };
-    }
-}
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java
@ -6,13 +6,15 @@ package pgp.cert_d.cli;

 import org.pgpainless.certificate_store.PGPainlessCertD;
 import pgp.cert_d.BaseDirectoryProvider;
-import pgp.cert_d.exception.NotAStoreException;
 import pgp.cert_d.cli.commands.Export;
+import pgp.cert_d.cli.commands.Find;
 import pgp.cert_d.cli.commands.Get;
 import pgp.cert_d.cli.commands.Insert;
 import pgp.cert_d.cli.commands.Import;
 import pgp.cert_d.cli.commands.List;
 import pgp.cert_d.cli.commands.Setup;
+import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookupFactory;
+import pgp.certificate_store.exception.NotAStoreException;
 import picocli.CommandLine;

 import java.io.File;
@ -28,7 +30,8 @@ import java.sql.SQLException;
                Import.class,
                Get.class,
                Setup.class,
-                List.class
+                List.class,
+                Find.class
        }
 )
 public class PGPCertDCli {
@ -53,7 +56,7 @@ public class PGPCertDCli {
            baseDirectory = BaseDirectoryProvider.getDefaultBaseDir();
        }

-        PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory);
+        PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory, new DatabaseSubkeyLookupFactory());
    }

    public static void main(String[] args) {
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java
@ -9,7 +9,7 @@ import org.bouncycastle.util.io.Streams;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
 import picocli.CommandLine;

 import java.io.IOException;
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java
@ -0,0 +1,57 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package pgp.cert_d.cli.commands;
+
+import org.pgpainless.key.OpenPgpFingerprint;
+import pgp.cert_d.cli.PGPCertDCli;
+import picocli.CommandLine;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+@CommandLine.Command(name = "find",
+        resourceBundle = "msg_find")
+public class Find implements Runnable {
+
+    private static final Pattern LONG_KEY_ID = Pattern.compile("^[0-9A-Fa-f]{16}$");
+
+    @CommandLine.Parameters(
+            paramLabel = "IDENTIFIER",
+            arity = "1")
+    String identifier;
+
+    @Override
+    public void run() {
+        if (identifier == null) {
+            throw new IllegalArgumentException("No subkey ID provided.");
+        }
+        identifier = identifier.trim();
+        long subkeyId = 0;
+        try {
+            OpenPgpFingerprint fingerprint = OpenPgpFingerprint.parse(identifier);
+            subkeyId = fingerprint.getKeyId();
+        } catch (IllegalArgumentException e) {
+            if (!LONG_KEY_ID.matcher(identifier).matches()) {
+                throw new IllegalArgumentException("Provided long key-id does not match expected format. " +
+                        "A long key-id consists of 16 hexadecimal characters.");
+            }
+            subkeyId =  new BigInteger(identifier, 16).longValue();
+        }
+
+        try {
+            Set<String> fingerprints = PGPCertDCli.getCertificateDirectory()
+                    .getCertificateFingerprintsForSubkeyId(subkeyId);
+            for (String fingerprint : fingerprints) {
+                // CHECKSTYLE:OFF
+                System.out.println(fingerprint);
+                // CHECKSTYLE:ON
+            }
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java
@ -4,14 +4,15 @@

 package pgp.cert_d.cli.commands;

+import org.bouncycastle.bcpg.ArmoredOutputStream;
 import org.bouncycastle.util.io.Streams;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.exception.BadNameException;
 import pgp.cert_d.SpecialNames;
 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterial;
+import pgp.certificate_store.exception.BadDataException;
+import pgp.certificate_store.exception.BadNameException;
 import picocli.CommandLine;

 import java.io.IOException;
@ -22,6 +23,9 @@ public class Get implements Runnable {

    private static final Logger LOGGER = LoggerFactory.getLogger(Get.class);

+    @CommandLine.Option(names = {"-a", "--armor"})
+    boolean armor = false;
+
    @CommandLine.Parameters(
            paramLabel = "IDENTIFIER",
            arity = "1"
@ -35,12 +39,20 @@ public class Get implements Runnable {
            if (SpecialNames.lookupSpecialName(identifer) != null) {
                record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifer);
            } else {
-                record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer);
+                record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer.toLowerCase());
            }
            if (record == null) {
                return;
            }
+
+            if (armor) {
+                ArmoredOutputStream armorOut = new ArmoredOutputStream(System.out);
+                Streams.pipeAll(record.getInputStream(), armorOut);
+                armorOut.close();
+            } else {
                Streams.pipeAll(record.getInputStream(), System.out);
+            }
+
        } catch (IOException e) {
            LOGGER.error("IO Error", e);
            System.exit(-1);
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java
@ -10,10 +10,10 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
 import org.pgpainless.PGPainless;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.cli.MergeCallbacks;
+import org.pgpainless.certificate_store.MergeCallbacks;
 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.exception.BadDataException;
 import picocli.CommandLine;

 import java.io.ByteArrayInputStream;
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java
@ -6,10 +6,10 @@ package pgp.cert_d.cli.commands;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.cli.MergeCallbacks;
+import org.pgpainless.certificate_store.MergeCallbacks;
 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.exception.BadDataException;
 import picocli.CommandLine;

 import java.io.IOException;
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java
@ -5,7 +5,7 @@
 package pgp.cert_d.cli.commands;

 import pgp.cert_d.cli.PGPCertDCli;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
 import picocli.CommandLine;

 import java.util.Iterator;
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java
@ -15,9 +15,9 @@ import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
 import org.pgpainless.util.Passphrase;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.cli.MergeCallbacks;
+import org.pgpainless.certificate_store.MergeCallbacks;
 import pgp.cert_d.cli.PGPCertDCli;
+import pgp.certificate_store.exception.BadDataException;
 import picocli.CommandLine;

 import java.io.ByteArrayInputStream;
--- a/pgpainless-cert-d-cli/src/main/resources/msg_export.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties
@ -2,6 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Export all certificates in the store to Standard Output
+armor=Wrap the output in ASCII armor

 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Usage:\u0020
--- a/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties
@ -2,6 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Exportiere alle gespeicherten Zertifikate zur Standardausgabe
+armor=Verpacke the Ausgabe in ASCII Armor

 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Aufruf:\u0020
--- a/pgpainless-cert-d-cli/src/main/resources/msg_find.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_find.properties
@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+#
+# SPDX-License-Identifier: Apache-2.0
+usage.header=Lookup primary certificate fingerprints by subkey ids or fingerprints
+
+# Generic TODO: Remove when bumping picocli to 4.7.0
+usage.synopsisHeading=Usage:\u0020
+usage.commandListHeading = %nCommands:%n
+usage.optionListHeading = %nOptions:%n
+usage.footerHeading=Powered by picocli%n
+store=Overwrite the default certificate directory path
--- a/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties
@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+#
+# SPDX-License-Identifier: Apache-2.0
+usage.header=Schlage primäre Fingerabdrücke von Zertifikaten per ID oder Fingerabdruck von Unterschlüsseln nach
+
+# Generic TODO: Remove when bumping picocli to 4.7.0
+usage.synopsisHeading=Aufruf:\u0020
+usage.commandListHeading=%nBefehle:%n
+usage.optionListHeading = %nOptionen:%n
+usage.footerHeading=Powered by Picocli%n
+store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
--- a/pgpainless-cert-d-cli/src/main/resources/msg_get.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties
@ -3,6 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Retrieve certificates from the store
 IDENTIFIER[0]=Certificate identifier (fingerprint or special name)
+armor=Wrap the output in ASCII armor

 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Usage:\u0020
--- a/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties
+++ b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties
@ -3,6 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 usage.header=Frage Zertifikate aus dem Speicher ab
 IDENTIFIER[0]=Zertifikatskennung (Fingerabdruck oder Spezialname)
+armor=Verpacke the Ausgabe in ASCII Armor

 # Generic TODO: Remove when bumping picocli to 4.7.0
 usage.synopsisHeading=Aufruf:\u0020
--- a/pgpainless-cert-d/build.gradle
+++ b/pgpainless-cert-d/build.gradle
@ -34,6 +34,7 @@ dependencies {

    // pgp.cert.d
    api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion"
+    api "org.pgpainless:pgp-certificate-store:$pgpCertDJavaVersion"
 }

 animalsniffer {
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java
@ -8,16 +8,16 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.util.encoders.Base64;
 import org.pgpainless.key.OpenPgpFingerprint;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;

 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.HashSet;
+import java.util.ArrayList;
 import java.util.Iterator;
-import java.util.Set;
+import java.util.List;

 public class CertificateFactory {

@ -46,8 +46,8 @@ public class CertificateFactory {
            }

            @Override
-            public Set<Long> getSubkeyIds() throws IOException {
-                Set<Long> keyIds = new HashSet<>();
+            public List<Long> getSubkeyIds() throws IOException {
+                List<Long> keyIds = new ArrayList<>();
                Iterator<PGPPublicKey> keys = publicKeyRing.getPublicKeys();
                while (keys.hasNext()) {
                    keyIds.add(keys.next().getKeyID());
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java
@ -8,15 +8,15 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.util.encoders.Base64;
 import org.pgpainless.PGPainless;
-import pgp.certificate.Certificate;
-import pgp.certificate.Key;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.certificate.Key;

 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Set;
+import java.util.List;

 public class KeyFactory {

@ -52,7 +52,7 @@ public class KeyFactory {
            }

            @Override
-            public Set<Long> getSubkeyIds() throws IOException {
+            public List<Long> getSubkeyIds() throws IOException {
                return getCertificate().getSubkeyIds();
            }
        };
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java
@ -8,9 +8,9 @@ import org.bouncycastle.openpgp.PGPKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.pgpainless.PGPainless;
-import pgp.cert_d.exception.BadDataException;
-import pgp.certificate.KeyMaterial;
-import pgp.certificate.KeyMaterialReaderBackend;
+import pgp.certificate_store.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
+import pgp.certificate_store.exception.BadDataException;

 import java.io.IOException;
 import java.io.InputStream;
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java
@ -0,0 +1,173 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.certificate_store;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPKeyRing;
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPPublicKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.pgpainless.PGPainless;
+import org.pgpainless.key.OpenPgpFingerprint;
+import pgp.certificate_store.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterialMerger;
+import pgp.certificate_store.exception.BadDataException;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Iterator;
+
+public class MergeCallbacks {
+
+    /**
+     * Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one
+     * combined certificate.
+     *
+     * @return merging callback
+     */
+    public static KeyMaterialMerger mergeCertificates() {
+        return new KeyMaterialMerger() {
+
+            @Override
+            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException {
+                if (data == null) {
+                    return existing;
+                }
+                if (existing == null) {
+                    return data;
+                }
+
+                try {
+                    PGPKeyRing existingKeyRing = PGPainless.readKeyRing().keyRing(existing.getInputStream());
+                    PGPKeyRing updatedKeyRing = PGPainless.readKeyRing().keyRing(data.getInputStream());
+
+                    PGPKeyRing mergedKeyRing;
+
+                    if (existingKeyRing instanceof PGPPublicKeyRing) {
+                        PGPPublicKeyRing existingCert = (PGPPublicKeyRing) existingKeyRing;
+                        if (updatedKeyRing instanceof PGPPublicKeyRing) {
+                            mergedKeyRing = PGPPublicKeyRing.join(existingCert, (PGPPublicKeyRing) updatedKeyRing);
+                        } else if (updatedKeyRing instanceof PGPSecretKeyRing) {
+                            PGPPublicKeyRing updatedPublicKeys = PGPainless.extractCertificate((PGPSecretKeyRing) updatedKeyRing);
+                            PGPPublicKeyRing mergedPublicKeys = PGPPublicKeyRing.join(existingCert, updatedPublicKeys);
+                            updatedKeyRing = PGPSecretKeyRing.replacePublicKeys((PGPSecretKeyRing) updatedKeyRing, mergedPublicKeys);
+                            mergedKeyRing = updatedKeyRing;
+                        } else {
+                            throw new IOException(new BadDataException());
+                        }
+                    } else if (existingKeyRing instanceof PGPSecretKeyRing) {
+                        PGPSecretKeyRing existingKey = (PGPSecretKeyRing) existingKeyRing;
+                        PGPPublicKeyRing existingCert = PGPainless.extractCertificate(existingKey);
+                        if (updatedKeyRing instanceof PGPPublicKeyRing) {
+                            PGPPublicKeyRing updatedCert = (PGPPublicKeyRing) updatedKeyRing;
+                            PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert);
+                            mergedKeyRing = PGPSecretKeyRing.replacePublicKeys(existingKey, mergedCert);
+                        } else if (updatedKeyRing instanceof PGPSecretKeyRing) {
+                            PGPSecretKeyRing updatedKey = (PGPSecretKeyRing) updatedKeyRing;
+                            if (!Arrays.equals(existingKey.getEncoded(), updatedKey.getEncoded())) {
+                                // Merging secret keys is not supported.
+                                return existing;
+                            }
+                            mergedKeyRing = existingKeyRing;
+                        } else {
+                            throw new IOException(new BadDataException());
+                        }
+                    } else {
+                        throw new IOException(new BadDataException());
+                    }
+
+                    printOutDifferences(existingKeyRing, mergedKeyRing);
+
+                    if (mergedKeyRing instanceof PGPPublicKeyRing) {
+                        return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing);
+                    } else {
+                        return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing);
+                    }
+
+                } catch (PGPException e) {
+                    throw new RuntimeException(e);
+                }
+            }
+
+            private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) {
+                int numSigsBefore = countSigs(existingCert);
+                int numSigsAfter = countSigs(mergedCert);
+                int newSigs = numSigsAfter - numSigsBefore;
+                int numUidsBefore = count(existingCert.getPublicKey().getUserIDs());
+                int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs());
+                int newUids = numUidsAfter - numUidsBefore;
+
+                if (!existingCert.equals(mergedCert)) {
+                    OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert);
+                    StringBuilder sb = new StringBuilder();
+                    sb.append(String.format("Certificate %s has", fingerprint));
+                    if (newSigs != 0) {
+                        sb.append(String.format(" %d new signatures", newSigs));
+                    }
+                    if (newUids != 0) {
+                        if (newSigs != 0) {
+                            sb.append(" and");
+                        }
+                        sb.append(String.format(" %d new UIDs", newUids));
+                    }
+                    if (newSigs == 0 && newUids == 0) {
+                        sb.append(" changed");
+                    }
+
+                    // In this case it is okay to print to stdout, since we are a CLI app
+                    // CHECKSTYLE:OFF
+                    System.out.println(sb);
+                    // CHECKSTYLE:ON
+                }
+            }
+
+            private int countSigs(PGPKeyRing keys) {
+                int numSigs = 0;
+                Iterator<PGPPublicKey> iterator = keys.getPublicKeys();
+                while (iterator.hasNext()) {
+                    PGPPublicKey key = iterator.next();
+                    numSigs += count(key.getSignatures());
+                }
+                return numSigs;
+            }
+
+            // TODO: Use CollectionUtils.count() once available
+            private int count(Iterator<?> iterator) {
+                int num = 0;
+                while (iterator.hasNext()) {
+                    iterator.next();
+                    num++;
+                }
+                return num;
+            }
+        };
+    }
+
+    /**
+     * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead
+     * returns the first instance.
+     *
+     * @return overriding callback
+     */
+    public static KeyMaterialMerger overrideCertificate() {
+        // noinspection Convert2Lambda
+        return new KeyMaterialMerger() {
+            @Override
+            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
+                return data;
+            }
+        };
+    }
+
+    public static KeyMaterialMerger overrideKey() {
+        // noinspection Convert2Lambda
+        return new KeyMaterialMerger() {
+            @Override
+            public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
+                return data;
+            }
+        };
+    }
+}
--- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java
+++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java
@ -7,8 +7,11 @@ package org.pgpainless.certificate_store;
 import pgp.cert_d.BaseDirectoryProvider;
 import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend;
 import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend;
-import pgp.cert_d.exception.NotAStoreException;
 import pgp.cert_d.PGPCertificateDirectory;
+import pgp.cert_d.subkey_lookup.InMemorySubkeyLookup;
+import pgp.cert_d.subkey_lookup.SubkeyLookup;
+import pgp.cert_d.subkey_lookup.SubkeyLookupFactory;
+import pgp.certificate_store.exception.NotAStoreException;

 import java.io.File;

@ -16,21 +19,25 @@ public class PGPainlessCertD extends PGPCertificateDirectory {

    private static final KeyMaterialReader keyMaterialReader = new KeyMaterialReader();

-    public PGPainlessCertD(Backend backend) {
-        super(backend);
+    public PGPainlessCertD(Backend backend, SubkeyLookup subkeyLookup) {
+        super(backend, subkeyLookup);
    }

    public static PGPainlessCertD inMemory() {
        Backend backend = new InMemoryCertificateDirectoryBackend(keyMaterialReader);
-        return new PGPainlessCertD(backend);
+        SubkeyLookup subkeyLookup = new InMemorySubkeyLookup();
+        return new PGPainlessCertD(backend, subkeyLookup);
    }

-    public static PGPainlessCertD fileBased() throws NotAStoreException {
-        return fileBased(BaseDirectoryProvider.getDefaultBaseDir());
+    public static PGPainlessCertD fileBased(SubkeyLookupFactory subkeyLookupFactory)
+            throws NotAStoreException {
+        return fileBased(BaseDirectoryProvider.getDefaultBaseDir(), subkeyLookupFactory);
    }

-    public static PGPainlessCertD fileBased(File baseDirectory) throws NotAStoreException {
+    public static PGPainlessCertD fileBased(File baseDirectory, SubkeyLookupFactory subkeyLookupFactory)
+            throws NotAStoreException {
        Backend backend = new FileBasedCertificateDirectoryBackend(baseDirectory, keyMaterialReader);
-        return new PGPainlessCertD(backend);
+        SubkeyLookup subkeyLookup = subkeyLookupFactory.createFileBasedInstance(baseDirectory);
+        return new PGPainlessCertD(backend, subkeyLookup);
    }
 }
--- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java
+++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java
@ -36,12 +36,13 @@ import org.pgpainless.key.OpenPgpFingerprint;
 import org.pgpainless.key.generation.KeySpec;
 import org.pgpainless.key.generation.type.KeyType;
 import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.exception.BadNameException;
-import pgp.cert_d.exception.NotAStoreException;
-import pgp.certificate.Certificate;
-import pgp.certificate.KeyMaterial;
-import pgp.certificate.KeyMaterialMerger;
+import pgp.cert_d.subkey_lookup.InMemorySubkeyLookupFactory;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterialMerger;
+import pgp.certificate_store.exception.BadDataException;
+import pgp.certificate_store.exception.BadNameException;
+import pgp.certificate_store.exception.NotAStoreException;

 public class SharedPGPCertificateDirectoryTest {

@ -54,7 +55,7 @@ public class SharedPGPCertificateDirectoryTest {

    private static Stream<PGPainlessCertD> provideTestSubjects() throws IOException, NotAStoreException {
        return Stream.of(
-                PGPainlessCertD.fileBased(tempDir()));
+                PGPainlessCertD.fileBased(tempDir(), new InMemorySubkeyLookupFactory()));
    }

    private static File tempDir() throws IOException {
--- a/version.gradle
+++ b/version.gradle
@ -12,7 +12,7 @@ allprojects {
        logbackVersion = '1.2.11'
        junitVersion = '5.8.2'
        mockitoVersion = '4.5.1'
-        pgpainlessVersion = '1.3.5-SNAPSHOT'
+        pgpainlessVersion = '1.3.5'
        pgpCertDJavaVersion = '0.1.2-SNAPSHOT'
        picocliVersion = '4.6.3'
    }
Author	SHA1	Message	Date
Paul Schaub	7b6162682e	Move and implement key-capable MergeCallbacks	2022-08-12 15:43:22 +02:00
Paul Schaub	7a02ec865b	Implement List command, adapt changes from cert-d-java	2022-08-12 15:04:54 +02:00