PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-12-17 09:41:08 +01:00
Code Issues Releases Wiki Activity

Restore functionality of MissingPublicKeyCallback + JUnit test it

Browse source
This commit is contained in:
Paul Schaub 2021-05-29 12:19:12 +02:00
parent 7bbc23d826
commit 13c7572c8c
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
3 changed files with 112 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
View file

@ -350,6 +350,10 @@ public final class DecryptionStreamFactory {
}
}
if (verificationKeyRing == null && missingPublicKeyCallback != null) {
verificationKeyRing = missingPublicKeyCallback.onMissingPublicKeyEncountered(keyId);
}
return verificationKeyRing;
}
}

20
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MissingPublicKeyCallback.java
View file

@ -16,21 +16,27 @@
package org.pgpainless.decryption_verification;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
public interface MissingPublicKeyCallback {
/**
* This method gets called if we encounter a signature of an unknown key.
* This method gets called if we encounter a signature made by a key which was not provided for signature verification.
* If you cannot provide the requested key, it is safe to return null here.
* PGPainless will then continue verification with the next signature.
*
* Note: It would be super cool to provide the OpenPgp fingerprint here, but unfortunately signatures only contain
* the key id (see https://tools.ietf.org/html/rfc4880#section-5.2.3.5)
* Note: The key-id might belong to a subkey, so be aware that when looking up the {@link PGPPublicKeyRing},
* you may not only search for the key-id on the key rings primary key!
*
* @param keyId ID of the missing key
* It would be super cool to provide the OpenPgp fingerprint here, but unfortunately one-pass-signatures
* only contain the key id (see https://datatracker.ietf.org/doc/html/rfc4880#section-5.4)
*
* @return the key or null
* @param keyId ID of the missing signing (sub)key
*
* @return keyring containing the key or null
*/
PGPPublicKey onMissingPublicKeyEncountered(@Nonnull Long keyId);
@Nullable PGPPublicKeyRing onMissingPublicKeyEncountered(@Nonnull Long keyId);
}