diff --git a/pgpainless-cli/src/test/java/org/pgpainless/cli/commands/RoundTripSignVerifyCmdTest.java b/pgpainless-cli/src/test/java/org/pgpainless/cli/commands/RoundTripSignVerifyCmdTest.java index 9dcb3aca..9ce18779 100644 --- a/pgpainless-cli/src/test/java/org/pgpainless/cli/commands/RoundTripSignVerifyCmdTest.java +++ b/pgpainless-cli/src/test/java/org/pgpainless/cli/commands/RoundTripSignVerifyCmdTest.java @@ -252,7 +252,7 @@ public class RoundTripSignVerifyCmdTest extends CLITest { String verification = verificationsOut.toString(); String[] split = verification.split(" "); OpenPgpV4Fingerprint primaryKeyFingerprint = new OpenPgpV4Fingerprint(cert); - OpenPgpV4Fingerprint signingKeyFingerprint = new OpenPgpV4Fingerprint(info.getSigningSubkeys().get(0)); + OpenPgpV4Fingerprint signingKeyFingerprint = new OpenPgpV4Fingerprint(info.getSigningSubkeys().get(0).getPGPPublicKey()); assertEquals(signingKeyFingerprint.toString(), split[1].trim(), verification); assertEquals(primaryKeyFingerprint.toString(), split[2].trim()); diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt index bd24b245..06018e06 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt @@ -675,17 +675,17 @@ class OpenPgpMessageInputStream( private fun getDecryptionKey(keyId: Long): PGPSecretKeyRing? = options.getDecryptionKeys().firstOrNull { it.any { k -> k.keyID == keyId } - .and(PGPainless.inspectKeyRing(it).decryptionSubkeys.any { k -> k.keyID == keyId }) + .and( + PGPainless.inspectKeyRing(it).decryptionSubkeys.any { k -> + k.keyIdentifier.keyId == keyId + }) } private fun getDecryptionKey(pkesk: PGPPublicKeyEncryptedData): PGPSecretKeyRing? = options.getDecryptionKeys().firstOrNull { it.getSecretKeyFor(pkesk) != null && PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey -> - when (pkesk.version) { - 3 -> pkesk.keyID == subkey.keyID - else -> throw NotImplementedError("Version 6 PKESK not yet supported.") - } + pkesk.keyIdentifier.matches(subkey.keyIdentifier) } } @@ -693,10 +693,7 @@ class OpenPgpMessageInputStream( options.getDecryptionKeys().filter { it.getSecretKeyFor(pkesk) != null && PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey -> - when (pkesk.version) { - 3 -> pkesk.keyID == subkey.keyID - else -> throw NotImplementedError("Version 6 PKESK not yet supported.") - } + pkesk.keyIdentifier.matches(subkey.keyIdentifier) } } @@ -708,8 +705,9 @@ class OpenPgpMessageInputStream( options.getDecryptionKeys().forEach { val info = PGPainless.inspectKeyRing(it) for (key in info.decryptionSubkeys) { - if (key.algorithm == algorithm && info.isSecretKeyAvailable(key.keyID)) { - candidates.add(it to it.getSecretKey(key.keyID)) + if (key.pgpPublicKey.algorithm == algorithm && + info.isSecretKeyAvailable(key.keyIdentifier)) { + candidates.add(it to it.getSecretKey(key.keyIdentifier)) } } } diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt index 47aed2be..88e8d21d 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt @@ -27,9 +27,11 @@ class BcHashContextSigner { ): PGPSignature { val info = PGPainless.inspectKeyRing(secretKey) return info.signingSubkeys - .mapNotNull { info.getSecretKey(it.keyID) } + .mapNotNull { info.getSecretKey(it.keyIdentifier) } .firstOrNull() - ?.let { signHashContext(hashContext, signatureType, it.unlock(protector)) } + ?.let { + signHashContext(hashContext, signatureType, it.pgpSecretKey.unlock(protector)) + } ?: throw PGPException("Key does not contain suitable signing subkey.") } diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionOptions.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionOptions.kt index f261b85e..c6683480 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionOptions.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionOptions.kt @@ -144,7 +144,7 @@ class EncryptionOptions(private val purpose: EncryptionPurpose) { val info = KeyRingInfo(key, evaluationDate) val subkeys = encryptionKeySelector.selectEncryptionSubkeys( - info.getEncryptionSubkeys(userId, purpose)) + info.getEncryptionSubkeys(userId, purpose).map { it.pgpPublicKey }) if (subkeys.isEmpty()) { throw KeyException.UnacceptableEncryptionKeyException(OpenPgpFingerprint.of(key)) } @@ -184,7 +184,9 @@ class EncryptionOptions(private val purpose: EncryptionPurpose) { throw ExpiredKeyException(OpenPgpFingerprint.of(key), primaryKeyExpiration) } - var encryptionSubkeys = selector.selectEncryptionSubkeys(info.getEncryptionSubkeys(purpose)) + var encryptionSubkeys = + selector.selectEncryptionSubkeys( + info.getEncryptionSubkeys(purpose).map { it.pgpPublicKey }) // There are some legacy keys around without key flags. // If we allow encryption for those keys, we add valid keys without any key flags, if they @@ -193,8 +195,9 @@ class EncryptionOptions(private val purpose: EncryptionPurpose) { if (encryptionSubkeys.isEmpty() && allowEncryptionWithMissingKeyFlags) { encryptionSubkeys = info.validSubkeys - .filter { it.isEncryptionKey } - .filter { info.getKeyFlagsOf(it.keyID).isEmpty() } + .filter { it.pgpPublicKey.isEncryptionKey } + .filter { info.getKeyFlagsOf(it.keyIdentifier).isEmpty() } + .map { it.pgpPublicKey } } if (encryptionSubkeys.isEmpty()) { diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt index e0fe2972..0f193e2f 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt @@ -5,6 +5,7 @@ package org.pgpainless.encryption_signing import java.util.* +import org.bouncycastle.bcpg.KeyIdentifier import org.bouncycastle.openpgp.* import org.pgpainless.PGPainless.Companion.getPolicy import org.pgpainless.PGPainless.Companion.inspectKeyRing @@ -153,12 +154,13 @@ class SigningOptions { for (signingPubKey in signingPubKeys) { val signingSecKey: PGPSecretKey = - signingKey.getSecretKey(signingPubKey.keyID) - ?: throw MissingSecretKeyException(of(signingKey), signingPubKey.keyID) + signingKey.getSecretKey(signingPubKey.keyIdentifier) + ?: throw MissingSecretKeyException( + of(signingKey), signingPubKey.keyIdentifier.keyId) val signingSubkey: PGPPrivateKey = signingSecKey.unlock(signingKeyProtector) val hashAlgorithms = if (userId != null) keyRingInfo.getPreferredHashAlgorithms(userId) - else keyRingInfo.getPreferredHashAlgorithms(signingPubKey.keyID) + else keyRingInfo.getPreferredHashAlgorithms(signingPubKey.keyIdentifier) val hashAlgorithm: HashAlgorithm = negotiateHashAlgorithm(hashAlgorithms, getPolicy()) addSigningMethod( signingKey, signingSubkey, hashAlgorithm, signatureType, false, subpacketsCallback) @@ -197,15 +199,16 @@ class SigningOptions { } for (signingPubKey in signingPubKeys) { - if (signingPubKey.keyID != keyId) { + if (!signingPubKey.keyIdentifier.matches(KeyIdentifier(keyId))) { continue } val signingSecKey = - signingKey.getSecretKey(signingPubKey.keyID) - ?: throw MissingSecretKeyException(of(signingKey), signingPubKey.keyID) + signingKey.getSecretKey(signingPubKey.keyIdentifier) + ?: throw MissingSecretKeyException( + of(signingKey), signingPubKey.keyIdentifier.keyId) val signingSubkey = signingSecKey.unlock(signingKeyProtector) - val hashAlgorithms = keyRingInfo.getPreferredHashAlgorithms(signingPubKey.keyID) + val hashAlgorithms = keyRingInfo.getPreferredHashAlgorithms(signingPubKey.keyIdentifier) val hashAlgorithm: HashAlgorithm = negotiateHashAlgorithm(hashAlgorithms, getPolicy()) addSigningMethod( signingKey, signingSubkey, hashAlgorithm, signatureType, false, subpacketsCallback) @@ -297,12 +300,13 @@ class SigningOptions { for (signingPubKey in signingPubKeys) { val signingSecKey: PGPSecretKey = - signingKey.getSecretKey(signingPubKey.keyID) - ?: throw MissingSecretKeyException(of(signingKey), signingPubKey.keyID) + signingKey.getSecretKey(signingPubKey.keyIdentifier) + ?: throw MissingSecretKeyException( + of(signingKey), signingPubKey.keyIdentifier.keyId) val signingSubkey: PGPPrivateKey = signingSecKey.unlock(signingKeyProtector) val hashAlgorithms = if (userId != null) keyRingInfo.getPreferredHashAlgorithms(userId) - else keyRingInfo.getPreferredHashAlgorithms(signingPubKey.keyID) + else keyRingInfo.getPreferredHashAlgorithms(signingPubKey.keyIdentifier) val hashAlgorithm: HashAlgorithm = negotiateHashAlgorithm(hashAlgorithms, getPolicy()) addSigningMethod( signingKey, signingSubkey, hashAlgorithm, signatureType, true, subpacketCallback) @@ -342,12 +346,14 @@ class SigningOptions { } for (signingPubKey in signingPubKeys) { - if (signingPubKey.keyID == keyId) { + if (signingPubKey.keyIdentifier.matches(KeyIdentifier(keyId))) { val signingSecKey: PGPSecretKey = - signingKey.getSecretKey(signingPubKey.keyID) - ?: throw MissingSecretKeyException(of(signingKey), signingPubKey.keyID) + signingKey.getSecretKey(signingPubKey.keyIdentifier) + ?: throw MissingSecretKeyException( + of(signingKey), signingPubKey.keyIdentifier.keyId) val signingSubkey: PGPPrivateKey = signingSecKey.unlock(signingKeyProtector) - val hashAlgorithms = keyRingInfo.getPreferredHashAlgorithms(signingPubKey.keyID) + val hashAlgorithms = + keyRingInfo.getPreferredHashAlgorithms(signingPubKey.keyIdentifier) val hashAlgorithm: HashAlgorithm = negotiateHashAlgorithm(hashAlgorithms, getPolicy()) addSigningMethod( diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/SubkeyIdentifier.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/SubkeyIdentifier.kt index 58c935d9..56307873 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/SubkeyIdentifier.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/SubkeyIdentifier.kt @@ -4,7 +4,6 @@ package org.pgpainless.key -import openpgp.openPgpKeyId import org.bouncycastle.bcpg.KeyIdentifier import org.bouncycastle.openpgp.PGPKeyRing import org.bouncycastle.openpgp.PGPPublicKey @@ -24,21 +23,23 @@ class SubkeyIdentifier( constructor(key: PGPPublicKey) : this(OpenPgpFingerprint.of(key)) - constructor( - keys: PGPKeyRing, - keyId: Long - ) : this( - OpenPgpFingerprint.of(keys.publicKey), - OpenPgpFingerprint.of( - keys.getPublicKey(keyId) - ?: throw NoSuchElementException( - "OpenPGP key does not contain subkey ${keyId.openPgpKeyId()}"))) + constructor(keys: PGPKeyRing, keyId: Long) : this(keys, KeyIdentifier(keyId)) constructor( keys: PGPKeyRing, subkeyFingerprint: OpenPgpFingerprint ) : this(OpenPgpFingerprint.of(keys), subkeyFingerprint) + constructor( + keys: PGPKeyRing, + subkeyIdentifier: KeyIdentifier + ) : this( + OpenPgpFingerprint.of(keys), + OpenPgpFingerprint.of( + keys.getPublicKey(subkeyIdentifier) + ?: throw NoSuchElementException( + "OpenPGP key does not contain subkey $subkeyIdentifier"))) + val keyIdentifier = KeyIdentifier(subkeyFingerprint.bytes) val subkeyIdentifier = keyIdentifier val primaryKeyIdentifier = KeyIdentifier(primaryKeyFingerprint.bytes) diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/certification/CertifyCertificate.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/certification/CertifyCertificate.kt index 9499355c..e75dc5bf 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/certification/CertifyCertificate.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/certification/CertifyCertificate.kt @@ -225,7 +225,7 @@ class CertifyCertificate { val fingerprint = info.fingerprint val certificationPubKey = info.getPublicKey(fingerprint) requireNotNull(certificationPubKey) { "Primary key cannot be null." } - if (!info.isKeyValidlyBound(certificationPubKey.keyID)) { + if (!info.isKeyValidlyBound(certificationPubKey.keyIdentifier)) { throw RevokedKeyException(fingerprint) } @@ -238,8 +238,9 @@ class CertifyCertificate { throw ExpiredKeyException(fingerprint, expirationDate) } - return certificationKey.getSecretKey(certificationPubKey.keyID) - ?: throw MissingSecretKeyException(fingerprint, certificationPubKey.keyID) + return certificationKey.getSecretKey(certificationPubKey.keyIdentifier) + ?: throw MissingSecretKeyException( + fingerprint, certificationPubKey.keyIdentifier.keyId) } } } diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt index 9271f550..011407f6 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt @@ -9,6 +9,9 @@ import openpgp.openPgpKeyId import org.bouncycastle.bcpg.KeyIdentifier import org.bouncycastle.openpgp.* import org.bouncycastle.openpgp.api.OpenPGPCertificate +import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey +import org.bouncycastle.openpgp.api.OpenPGPKey +import org.bouncycastle.openpgp.api.OpenPGPKey.OpenPGPSecretKey import org.pgpainless.PGPainless import org.pgpainless.algorithm.* import org.pgpainless.bouncycastle.extensions.* @@ -33,7 +36,10 @@ class KeyRingInfo( keys: PGPKeyRing, policy: Policy = PGPainless.getPolicy(), referenceDate: Date = Date() - ) : this(OpenPGPCertificate(keys), policy, referenceDate) + ) : this( + if (keys is PGPSecretKeyRing) OpenPGPKey(keys) else OpenPGPCertificate(keys), + policy, + referenceDate) @JvmOverloads constructor( @@ -74,35 +80,32 @@ class KeyRingInfo( if (revocationState.isSoftRevocation()) revocationState.date else null /** - * Primary [PGPSecretKey] of this key ring or null if the key ring is not a [PGPSecretKeyRing]. + * Primary [OpenPGPSecretKey] of this key ring or null if the key ring is not a [OpenPGPKey]. */ - val secretKey: PGPSecretKey? = - when (keys.pgpKeyRing) { - is PGPSecretKeyRing -> (keys.pgpKeyRing as PGPSecretKeyRing).secretKey!! - else -> null - } + val secretKey: OpenPGPSecretKey? = + if (keys.isSecretKey) { + (keys as OpenPGPKey).primarySecretKey + } else null /** OpenPGP key version. */ val version: Int = publicKey.version /** - * Return all [PGPPublicKeys][PGPPublicKey] of this key ring. The first key in the list being - * the primary key. Note that the list is unmodifiable. + * Return all [public component keys][OpenPGPComponentKey] of this key ring. The first key in + * the list being the primary key. Note that the list is unmodifiable. * * @return list of public keys */ - val publicKeys: List = keys.pgpKeyRing.publicKeys.asSequence().toList() + val publicKeys: List = keys.keys - /** All secret keys. If the key ring is a [PGPPublicKeyRing], then return an empty list. */ - val secretKeys: List = - when (keys.pgpKeyRing) { - is PGPSecretKeyRing -> - (keys.pgpKeyRing as PGPSecretKeyRing).secretKeys.asSequence().toList() - else -> listOf() - } + /** All secret keys. If the key ring is not an [OpenPGPKey], then return an empty list. */ + val secretKeys: List = + if (keys.isSecretKey) { + (keys as OpenPGPKey).secretKeys.values.toList() + } else listOf() - /** List of valid public subkeys. */ - val validSubkeys: List = keys.getValidKeys(referenceDate).map { it.pgpPublicKey } + /** List of valid public component keys. */ + val validSubkeys: List = keys.getValidKeys(referenceDate) /** List of valid user-IDs. */ val validUserIds: List = keys.getValidUserIds(referenceDate).map { it.userId } @@ -144,30 +147,32 @@ class KeyRingInfo( /** Latest date at which the key was modified (either by adding a subkey or self-signature). */ val lastModified: Date = keys.lastModificationDate - /** True, if the underlying keyring is a [PGPSecretKeyRing]. */ - val isSecretKey: Boolean = keys.pgpKeyRing is PGPSecretKeyRing + /** True, if the underlying key is a [OpenPGPKey]. */ + val isSecretKey: Boolean = keys.isSecretKey /** True, if there are no encrypted secret keys. */ val isFullyDecrypted: Boolean = - !isSecretKey || secretKeys.all { it.hasDummyS2K() || it.isDecrypted() } + !isSecretKey || + secretKeys.all { it.pgpSecretKey.hasDummyS2K() || it.pgpSecretKey.isDecrypted() } /** True, if there are only encrypted secret keys. */ val isFullyEncrypted: Boolean = - isSecretKey && secretKeys.none { !it.hasDummyS2K() && it.isDecrypted() } + isSecretKey && + secretKeys.none { !it.pgpSecretKey.hasDummyS2K() && it.pgpSecretKey.isDecrypted() } /** List of public keys, whose secret key counterparts can be used to decrypt messages. */ - val decryptionSubkeys: List = - keys.pgpKeyRing.publicKeys + val decryptionSubkeys: List = + keys.keys .asSequence() .filter { if (!it.keyIdentifier.matches(keyIdentifier)) { - if (signatures.subkeyBindings[it.keyID] == null) { - LOGGER.debug("Subkey ${it.keyID.openPgpKeyId()} has no binding signature.") + if (signatures.subkeyBindings[it.keyIdentifier.keyId] == null) { + LOGGER.debug("Subkey ${it.keyIdentifier} has no binding signature.") return@filter false } } - if (!it.isEncryptionKey) { - LOGGER.debug("(Sub-?)Key ${it.keyID.openPgpKeyId()} is not encryption-capable.") + if (!it.pgpPublicKey.isEncryptionKey) { + LOGGER.debug("(Sub-?)Key ${it.keyIdentifier} is not encryption-capable.") return@filter false } return@filter true @@ -204,8 +209,7 @@ class KeyRingInfo( } /** List of all subkeys that can be used to sign a message. */ - val signingSubkeys: List = - keys.getSigningKeys(referenceDate).map { it.pgpPublicKey } + val signingSubkeys: List = keys.getSigningKeys(referenceDate) /** Whether the key is usable for encryption. */ val isUsableForEncryption: Boolean = @@ -222,7 +226,7 @@ class KeyRingInfo( /** Whether the key is actually usable to sign messages. */ val isUsableForSigning: Boolean = - isSigningCapable && signingSubkeys.any { isSecretKeyAvailable(it.keyID) } + isSigningCapable && signingSubkeys.any { isSecretKeyAvailable(it.keyIdentifier) } /** [HashAlgorithm] preferences of the primary user-ID or if absent, of the primary key. */ val preferredHashAlgorithms: Set @@ -254,6 +258,10 @@ class KeyRingInfo( return getSubkeyExpirationDate(fingerprint.keyId) } + fun getSubkeyExpirationDate(keyIdentifier: KeyIdentifier): Date? { + return getSubkeyExpirationDate(keyIdentifier.keyId) + } + /** * Return the expiration date of the subkey with the provided keyId. * @@ -284,7 +292,7 @@ class KeyRingInfo( } val primaryKeyExpiration = primaryKeyExpirationDate - val keysWithFlag: List = getKeysWithKeyFlag(use) + val keysWithFlag: List = getKeysWithKeyFlag(use) if (keysWithFlag.isEmpty()) throw NoSuchElementException("No key with the required key flag found.") @@ -292,7 +300,9 @@ class KeyRingInfo( val latestSubkeyExpiration = keysWithFlag .map { key -> - getSubkeyExpirationDate(key.keyID).also { if (it == null) nonExpiring = true } + getSubkeyExpirationDate(key.keyIdentifier).also { + if (it == null) nonExpiring = true + } } .filterNotNull() .maxByOrNull { it } @@ -318,8 +328,8 @@ class KeyRingInfo( * @param flag flag * @return keys with flag */ - fun getKeysWithKeyFlag(flag: KeyFlag): List = - publicKeys.filter { getKeyFlagsOf(it.keyID).contains(flag) } + fun getKeysWithKeyFlag(flag: KeyFlag): List = + publicKeys.filter { getKeyFlagsOf(it.keyIdentifier).contains(flag) } /** * Return a list of all subkeys which can be used to encrypt a message for the given user-ID. @@ -329,7 +339,7 @@ class KeyRingInfo( fun getEncryptionSubkeys( userId: CharSequence?, purpose: EncryptionPurpose - ): List { + ): List { if (userId != null && !isUserIdValid(userId)) { throw UnboundUserIdException( OpenPgpFingerprint.of(publicKey.pgpPublicKey), @@ -345,7 +355,7 @@ class KeyRingInfo( * * @return subkeys which can be used for encryption */ - fun getEncryptionSubkeys(purpose: EncryptionPurpose): List { + fun getEncryptionSubkeys(purpose: EncryptionPurpose): List { primaryKeyExpirationDate?.let { if (it < referenceDate) { LOGGER.debug( @@ -354,29 +364,29 @@ class KeyRingInfo( } } - return keys.pgpKeyRing.publicKeys + return keys.keys .asSequence() .filter { - if (!isKeyValidlyBound(it.keyID)) { - LOGGER.debug("(Sub?)-Key ${it.keyID.openPgpKeyId()} is not validly bound.") + if (!isKeyValidlyBound(it.keyIdentifier)) { + LOGGER.debug("(Sub?)-Key ${it.keyIdentifier} is not validly bound.") return@filter false } - getSubkeyExpirationDate(it.keyID)?.let { exp -> + getSubkeyExpirationDate(it.keyIdentifier)?.let { exp -> if (exp < referenceDate) { LOGGER.debug( - "(Sub?)-Key ${it.keyID.openPgpKeyId()} is expired on ${DateUtil.formatUTCDate(exp)}.") + "(Sub?)-Key ${it.keyIdentifier} is expired on ${DateUtil.formatUTCDate(exp)}.") return@filter false } } - if (!it.isEncryptionKey) { + if (!it.pgpPublicKey.isEncryptionKey) { LOGGER.debug( - "(Sub?)-Key ${it.keyID.openPgpKeyId()} algorithm is not capable of encryption.") + "(Sub?)-Key ${it.keyIdentifier} algorithm is not capable of encryption.") return@filter false } - val keyFlags = getKeyFlagsOf(it.keyID) + val keyFlags = getKeyFlagsOf(it.keyIdentifier) when (purpose) { EncryptionPurpose.COMMUNICATIONS -> return@filter keyFlags.contains(KeyFlag.ENCRYPT_COMMS) @@ -519,7 +529,7 @@ class KeyRingInfo( * @param keyId key id * @return public key or null */ - fun getPublicKey(keyId: Long): PGPPublicKey? = keys.pgpKeyRing.getPublicKey(keyId) + fun getPublicKey(keyId: Long): OpenPGPComponentKey? = keys.getKey(KeyIdentifier(keyId)) /** * Return the secret key with the given key id. @@ -527,11 +537,16 @@ class KeyRingInfo( * @param keyId key id * @return secret key or null */ - fun getSecretKey(keyId: Long): PGPSecretKey? = - when (keys.pgpKeyRing) { - is PGPSecretKeyRing -> (keys.pgpKeyRing as PGPSecretKeyRing).getSecretKey(keyId) - else -> null - } + fun getSecretKey(keyId: Long): OpenPGPSecretKey? = getSecretKey(KeyIdentifier(keyId)) + + fun getSecretKey(keyIdentifier: KeyIdentifier): OpenPGPSecretKey? = + if (keys.isSecretKey) { + (keys as OpenPGPKey).getSecretKey(keyIdentifier) + } else null + + fun isSecretKeyAvailable(keyId: Long): Boolean { + return isSecretKeyAvailable(KeyIdentifier(keyId)) + } /** * Return true, if the secret-key with the given key-ID is available (i.e. not moved to a @@ -539,10 +554,10 @@ class KeyRingInfo( * * @return availability of the secret key */ - fun isSecretKeyAvailable(keyId: Long): Boolean { - return getSecretKey(keyId)?.let { - return if (it.s2K == null) true // Unencrypted key - else it.s2K.type !in 100..110 // Secret key on smart-card + fun isSecretKeyAvailable(keyIdentifier: KeyIdentifier): Boolean { + return getSecretKey(keyIdentifier)?.let { + return if (it.pgpSecretKey.s2K == null) true // Unencrypted key + else it.pgpSecretKey.s2K.type !in 100..110 // Secret key on smart-card } ?: false // Missing secret key } @@ -553,8 +568,8 @@ class KeyRingInfo( * @param fingerprint fingerprint * @return public key or null */ - fun getPublicKey(fingerprint: OpenPgpFingerprint): PGPPublicKey? = - keys.pgpKeyRing.getPublicKey(fingerprint.bytes) + fun getPublicKey(fingerprint: OpenPgpFingerprint): OpenPGPComponentKey? = + keys.getKey(KeyIdentifier(fingerprint.bytes)) /** * Return the secret key with the given fingerprint. @@ -562,15 +577,11 @@ class KeyRingInfo( * @param fingerprint fingerprint * @return secret key or null */ - fun getSecretKey(fingerprint: OpenPgpFingerprint): PGPSecretKey? = - when (keys.pgpKeyRing) { - is PGPSecretKeyRing -> - (keys.pgpKeyRing as PGPSecretKeyRing).getSecretKey(fingerprint.bytes) - else -> null - } + fun getSecretKey(fingerprint: OpenPgpFingerprint): OpenPGPSecretKey? = + getSecretKey(KeyIdentifier(fingerprint.bytes)) - fun getPublicKey(keyIdentifier: KeyIdentifier): PGPPublicKey? { - return keys.pgpKeyRing.getPublicKey(keyIdentifier) + fun getPublicKey(keyIdentifier: KeyIdentifier): OpenPGPComponentKey? { + return keys.getKey(keyIdentifier) } /** @@ -580,11 +591,11 @@ class KeyRingInfo( * @throws IllegalArgumentException if the identifier's primary key does not match the primary * key of the key. */ - fun getPublicKey(identifier: SubkeyIdentifier): PGPPublicKey? { + fun getPublicKey(identifier: SubkeyIdentifier): OpenPGPComponentKey? { require(publicKey.keyIdentifier.equals(identifier.keyIdentifier)) { "Mismatching primary key ID." } - return keys.pgpKeyRing.getPublicKey(identifier.subkeyIdentifier) + return getPublicKey(identifier.subkeyIdentifier) } /** @@ -594,16 +605,8 @@ class KeyRingInfo( * @throws IllegalArgumentException if the identifier's primary key does not match the primary * key of the key. */ - fun getSecretKey(identifier: SubkeyIdentifier): PGPSecretKey? = - when (keys.pgpKeyRing) { - is PGPSecretKeyRing -> { - require(publicKey.keyIdentifier.equals(identifier.keyIdentifier)) { - "Mismatching primary key ID." - } - (keys.pgpKeyRing as PGPSecretKeyRing).getSecretKey(identifier.subkeyIdentifier) - } - else -> null - } + fun getSecretKey(identifier: SubkeyIdentifier): OpenPGPComponentKey? = + getSecretKey(identifier.subkeyIdentifier) fun isKeyValidlyBound(keyIdentifier: KeyIdentifier): Boolean { return isKeyValidlyBound(keyIdentifier.keyId) diff --git a/pgpainless-core/src/test/java/investigations/InvestigateMultiSEIPMessageHandlingTest.java b/pgpainless-core/src/test/java/investigations/InvestigateMultiSEIPMessageHandlingTest.java index a0ea747a..f37bf690 100644 --- a/pgpainless-core/src/test/java/investigations/InvestigateMultiSEIPMessageHandlingTest.java +++ b/pgpainless-core/src/test/java/investigations/InvestigateMultiSEIPMessageHandlingTest.java @@ -120,11 +120,11 @@ public class InvestigateMultiSEIPMessageHandlingTest { public void generateTestMessage() throws PGPException, IOException { PGPSecretKeyRing ring1 = PGPainless.readKeyRing().secretKeyRing(KEY1); KeyRingInfo info1 = PGPainless.inspectKeyRing(ring1); - PGPPublicKey cryptKey1 = info1.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0); - PGPSecretKey signKey1 = ring1.getSecretKey(info1.getSigningSubkeys().get(0).getKeyID()); + PGPPublicKey cryptKey1 = info1.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getPGPPublicKey(); + PGPSecretKey signKey1 = ring1.getSecretKey(info1.getSigningSubkeys().get(0).getKeyIdentifier()); PGPSecretKeyRing ring2 = PGPainless.readKeyRing().secretKeyRing(KEY2); KeyRingInfo info2 = PGPainless.inspectKeyRing(ring2); - PGPSecretKey signKey2 = ring2.getSecretKey(info2.getSigningSubkeys().get(0).getKeyID()); + PGPSecretKey signKey2 = ring2.getSecretKey(info2.getSigningSubkeys().get(0).getKeyIdentifier()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ArmoredOutputStream armorOut = new ArmoredOutputStream(out); diff --git a/pgpainless-core/src/test/java/org/bouncycastle/CachingBcPublicKeyDataDecryptorFactoryTest.java b/pgpainless-core/src/test/java/org/bouncycastle/CachingBcPublicKeyDataDecryptorFactoryTest.java index 10cf4b1f..bb5f260c 100644 --- a/pgpainless-core/src/test/java/org/bouncycastle/CachingBcPublicKeyDataDecryptorFactoryTest.java +++ b/pgpainless-core/src/test/java/org/bouncycastle/CachingBcPublicKeyDataDecryptorFactoryTest.java @@ -68,9 +68,9 @@ public class CachingBcPublicKeyDataDecryptorFactoryTest { SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys(); KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys); SubkeyIdentifier decryptionKey = new SubkeyIdentifier(secretKeys, - info.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getKeyID()); + info.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getKeyIdentifier()); - PGPSecretKey secretKey = secretKeys.getSecretKey(decryptionKey.getSubkeyId()); + PGPSecretKey secretKey = secretKeys.getSecretKey(decryptionKey.getKeyIdentifier()); PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKey, protector); CachingBcPublicKeyDataDecryptorFactory cachingFactory = new CachingBcPublicKeyDataDecryptorFactory( privateKey, decryptionKey); diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CertificateWithMissingSecretKeyTest.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CertificateWithMissingSecretKeyTest.java index e5f9e370..5927df70 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CertificateWithMissingSecretKeyTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CertificateWithMissingSecretKeyTest.java @@ -14,9 +14,8 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; +import org.bouncycastle.bcpg.KeyIdentifier; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; @@ -66,14 +65,14 @@ public class CertificateWithMissingSecretKeyTest { private static final long signingSubkeyId = -7647663290973502178L; private static PGPSecretKeyRing missingSigningSecKey; - private static long encryptionSubkeyId; + private static KeyIdentifier encryptionSubkeyId; private static PGPSecretKeyRing missingDecryptionSecKey; private static final SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys(); @BeforeAll - public static void prepare() throws IOException, PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public static void prepare() throws IOException { // missing signing sec key we read from bytes missingSigningSecKey = PGPainless.readKeyRing().secretKeyRing(MISSING_SIGNING_SECKEY); @@ -81,9 +80,9 @@ public class CertificateWithMissingSecretKeyTest { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() .modernKeyRing("Missing Decryption Key "); encryptionSubkeyId = PGPainless.inspectKeyRing(secretKeys) - .getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getKeyID(); + .getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getKeyIdentifier(); // remove the encryption/decryption secret key - missingDecryptionSecKey = KeyRingUtils.stripSecretKey(secretKeys, encryptionSubkeyId); + missingDecryptionSecKey = KeyRingUtils.stripSecretKey(secretKeys, encryptionSubkeyId.getKeyId()); } @Test diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CustomPublicKeyDataDecryptorFactoryTest.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CustomPublicKeyDataDecryptorFactoryTest.java index d8b2f529..c8d9e2f1 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CustomPublicKeyDataDecryptorFactoryTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CustomPublicKeyDataDecryptorFactoryTest.java @@ -6,10 +6,10 @@ package org.pgpainless.decryption_verification; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPrivateKey; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory; import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory; import org.bouncycastle.util.io.Streams; @@ -41,7 +41,8 @@ public class CustomPublicKeyDataDecryptorFactoryTest { PGPSecretKeyRing secretKey = PGPainless.generateKeyRing().modernKeyRing("Alice"); PGPPublicKeyRing cert = PGPainless.extractCertificate(secretKey); KeyRingInfo info = PGPainless.inspectKeyRing(secretKey); - PGPPublicKey encryptionKey = info.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0); + OpenPGPCertificate.OpenPGPComponentKey encryptionKey = + info.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0); // Encrypt a test message String plaintext = "Hello, World!\n"; @@ -59,7 +60,7 @@ public class CustomPublicKeyDataDecryptorFactoryTest { throws HardwareSecurity.HardwareSecurityException { // Emulate hardware decryption. try { - PGPSecretKey decryptionKey = secretKey.getSecretKey(encryptionKey.getKeyID()); + PGPSecretKey decryptionKey = secretKey.getSecretKey(encryptionKey.getKeyIdentifier()); PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(decryptionKey, Passphrase.emptyPassphrase()); PublicKeyDataDecryptorFactory internal = new BcPublicKeyDataDecryptorFactory(privateKey); return internal.recoverSessionData(keyAlgorithm, new byte[][] {sessionKeyData}, pkeskVersion); @@ -75,7 +76,7 @@ public class CustomPublicKeyDataDecryptorFactoryTest { .withOptions(ConsumerOptions.get() .addCustomDecryptorFactory( new HardwareSecurity.HardwareDataDecryptorFactory( - new SubkeyIdentifier(cert, encryptionKey.getKeyID()), + new SubkeyIdentifier(cert, encryptionKey.getKeyIdentifier()), hardwareDecryptionCallback))); ByteArrayOutputStream decryptedOut = new ByteArrayOutputStream(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptHiddenRecipientMessageTest.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptHiddenRecipientMessageTest.java index 4eb7b203..fc8cf347 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptHiddenRecipientMessageTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptHiddenRecipientMessageTest.java @@ -13,8 +13,8 @@ import java.nio.charset.StandardCharsets; import java.util.List; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.TestTemplate; import org.junit.jupiter.api.extension.ExtendWith; @@ -144,10 +144,11 @@ public class DecryptHiddenRecipientMessageTest { assertEquals(0L, metadata.getRecipientKeyIds().get(0)); KeyRingInfo info = new KeyRingInfo(secretKeys); - List encryptionKeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY); + List encryptionKeys = + info.getEncryptionSubkeys(EncryptionPurpose.ANY); assertEquals(1, encryptionKeys.size()); - assertEquals(new SubkeyIdentifier(secretKeys, encryptionKeys.get(0).getKeyID()), metadata.getDecryptionKey()); + assertEquals(new SubkeyIdentifier(secretKeys, encryptionKeys.get(0).getKeyIdentifier()), metadata.getDecryptionKey()); assertEquals("Hello Recipient :)", out.toString()); } } diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/MissingPassphraseForDecryptionTest.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/MissingPassphraseForDecryptionTest.java index 42562713..dcac7ada 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/MissingPassphraseForDecryptionTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/MissingPassphraseForDecryptionTest.java @@ -14,14 +14,12 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import java.util.List; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -44,7 +42,7 @@ public class MissingPassphraseForDecryptionTest { private byte[] message; @BeforeEach - public void setup() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException { + public void setup() throws PGPException, IOException { secretKeys = PGPainless.generateKeyRing().modernKeyRing("Test", passphrase); PGPPublicKeyRing certificate = PGPainless.extractCertificate(secretKeys); ByteArrayOutputStream out = new ByteArrayOutputStream(); @@ -91,7 +89,8 @@ public class MissingPassphraseForDecryptionTest { @Test public void throwExceptionStrategy() throws PGPException, IOException { KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys); - List encryptionKeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY); + List encryptionKeys = + info.getEncryptionSubkeys(EncryptionPurpose.ANY); SecretKeyPassphraseProvider callback = new SecretKeyPassphraseProvider() { @Override @@ -118,8 +117,8 @@ public class MissingPassphraseForDecryptionTest { } catch (MissingPassphraseException e) { assertFalse(e.getKeyIds().isEmpty()); assertEquals(encryptionKeys.size(), e.getKeyIds().size()); - for (PGPPublicKey encryptionKey : encryptionKeys) { - assertTrue(e.getKeyIds().contains(new SubkeyIdentifier(secretKeys, encryptionKey.getKeyID()))); + for (OpenPGPCertificate.OpenPGPComponentKey encryptionKey : encryptionKeys) { + assertTrue(e.getKeyIds().contains(new SubkeyIdentifier(secretKeys, encryptionKey.getKeyIdentifier()))); } } } diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyWithMissingPublicKeyCallbackTest.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyWithMissingPublicKeyCallbackTest.java index 0d58e7dd..c77c70e1 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyWithMissingPublicKeyCallbackTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyWithMissingPublicKeyCallbackTest.java @@ -12,13 +12,11 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; @@ -39,9 +37,10 @@ import org.pgpainless.key.util.KeyRingUtils; public class VerifyWithMissingPublicKeyCallbackTest { @Test - public void testMissingPublicKeyCallback() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException { + public void testMissingPublicKeyCallback() throws PGPException, IOException { PGPSecretKeyRing signingSecKeys = PGPainless.generateKeyRing().modernKeyRing("alice"); - PGPPublicKey signingKey = new KeyRingInfo(signingSecKeys).getSigningSubkeys().get(0); + OpenPGPCertificate.OpenPGPComponentKey signingKey = + new KeyRingInfo(signingSecKeys).getSigningSubkeys().get(0); PGPPublicKeyRing signingPubKeys = KeyRingUtils.publicKeyRingFrom(signingSecKeys); PGPPublicKeyRing unrelatedKeys = TestKeys.getJulietPublicKeyRing(); @@ -63,7 +62,7 @@ public class VerifyWithMissingPublicKeyCallbackTest { .setMissingCertificateCallback(new MissingPublicKeyCallback() { @Override public PGPPublicKeyRing onMissingPublicKeyEncountered(long keyId) { - assertEquals(signingKey.getKeyID(), keyId, "Signing key-ID mismatch."); + assertEquals(signingKey.getKeyIdentifier().getKeyId(), keyId, "Signing key-ID mismatch."); return signingPubKeys; } })); diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/MultiSigningSubkeyTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/MultiSigningSubkeyTest.java index 28097db6..d504238a 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/MultiSigningSubkeyTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/MultiSigningSubkeyTest.java @@ -5,10 +5,10 @@ package org.pgpainless.encryption_signing; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSignature; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; @@ -31,8 +31,6 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import java.util.Iterator; import java.util.List; import java.util.stream.Collectors; @@ -50,7 +48,7 @@ public class MultiSigningSubkeyTest { private static SecretKeyRingProtector protector; @BeforeAll - public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public static void generateKey() { signingKey = PGPainless.buildKeyRing() .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)) .addSubkey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.SIGN_DATA)) @@ -59,10 +57,10 @@ public class MultiSigningSubkeyTest { .addUserId("Alice ") .build(); signingCert = PGPainless.extractCertificate(signingKey); - Iterator signingSubkeys = PGPainless.inspectKeyRing(signingKey).getSigningSubkeys().listIterator(); - primaryKey = new SubkeyIdentifier(signingKey, signingSubkeys.next().getKeyID()); - signingKey1 = new SubkeyIdentifier(signingKey, signingSubkeys.next().getKeyID()); - signingKey2 = new SubkeyIdentifier(signingKey, signingSubkeys.next().getKeyID()); + Iterator signingSubkeys = PGPainless.inspectKeyRing(signingKey).getSigningSubkeys().listIterator(); + primaryKey = new SubkeyIdentifier(signingKey, signingSubkeys.next().getKeyIdentifier()); + signingKey1 = new SubkeyIdentifier(signingKey, signingSubkeys.next().getKeyIdentifier()); + signingKey2 = new SubkeyIdentifier(signingKey, signingSubkeys.next().getKeyIdentifier()); protector = SecretKeyRingProtector.unprotectedKeys(); } diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java index c62116b3..35c40e56 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java @@ -14,8 +14,6 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import java.util.Arrays; import org.bouncycastle.openpgp.PGPException; @@ -60,7 +58,7 @@ public class SigningTest { PGPSecretKeyRing cryptieKeys = TestKeys.getCryptieSecretKeyRing(); KeyRingInfo cryptieInfo = new KeyRingInfo(cryptieKeys); - PGPSecretKey cryptieSigningKey = cryptieKeys.getSecretKey(cryptieInfo.getSigningSubkeys().get(0).getKeyID()); + PGPSecretKey cryptieSigningKey = cryptieKeys.getSecretKey(cryptieInfo.getSigningSubkeys().get(0).getKeyIdentifier()); PGPPublicKeyRingCollection keys = new PGPPublicKeyRingCollection(Arrays.asList(julietKeys, romeoKeys)); @@ -115,8 +113,7 @@ public class SigningTest { @TestTemplate @ExtendWith(TestAllImplementations.class) - public void testSignWithInvalidUserIdFails() - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public void testSignWithInvalidUserIdFails() { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() .modernKeyRing("alice", "password123"); SecretKeyRingProtector protector = SecretKeyRingProtector.unlockAnyKeyWith(Passphrase.fromPassword("password123")); @@ -131,7 +128,7 @@ public class SigningTest { @TestTemplate @ExtendWith(TestAllImplementations.class) public void testSignWithRevokedUserIdFails() - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + throws PGPException { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() .modernKeyRing("alice", "password123"); SecretKeyRingProtector protector = SecretKeyRingProtector.unlockAnyKeyWith( @@ -184,7 +181,7 @@ public class SigningTest { @TestTemplate @ExtendWith(TestAllImplementations.class) public void negotiateHashAlgorithmChoseFallbackIfEmptyPreferences() - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException { + throws PGPException, IOException { PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing() .setPrimaryKey(KeySpec.getBuilder( KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) @@ -214,7 +211,7 @@ public class SigningTest { @TestTemplate @ExtendWith(TestAllImplementations.class) public void negotiateHashAlgorithmChoseFallbackIfUnacceptablePreferences() - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException { + throws PGPException, IOException { PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing() .setPrimaryKey( KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) @@ -243,8 +240,7 @@ public class SigningTest { @TestTemplate @ExtendWith(TestAllImplementations.class) - public void signingWithNonCapableKeyThrowsKeyCannotSignException() - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public void signingWithNonCapableKeyThrowsKeyCannotSignException() { PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing() .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.CERTIFY_OTHER)) .addUserId("Alice") @@ -259,8 +255,7 @@ public class SigningTest { @TestTemplate @ExtendWith(TestAllImplementations.class) - public void signWithInvalidUserIdThrowsKeyValidationError() - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public void signWithInvalidUserIdThrowsKeyValidationError() { PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing() .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)) diff --git a/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java b/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java index 3ee24a60..c3b0dfa7 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java +++ b/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java @@ -72,9 +72,9 @@ public class GenerateKeys { assertEquals(PublicKeyAlgorithm.EDDSA_LEGACY.getAlgorithmId(), keyInfo.getAlgorithm().getAlgorithmId()); assertEquals(PublicKeyAlgorithm.EDDSA_LEGACY.getAlgorithmId(), - keyInfo.getSigningSubkeys().get(0).getAlgorithm()); + keyInfo.getSigningSubkeys().get(0).getPGPPublicKey().getAlgorithm()); assertEquals(PublicKeyAlgorithm.ECDH.getAlgorithmId(), - keyInfo.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getAlgorithm()); + keyInfo.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getPGPPublicKey().getAlgorithm()); } /** diff --git a/pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java b/pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java index fdc91cd2..296c5b56 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java +++ b/pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java @@ -15,10 +15,11 @@ import java.security.NoSuchAlgorithmException; import java.util.Date; import java.util.List; +import org.bouncycastle.bcpg.KeyIdentifier; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; @@ -44,19 +45,18 @@ public class ModifyKeys { private final String originalPassphrase = "p4ssw0rd"; private PGPSecretKeyRing secretKey; private long primaryKeyId; - private long encryptionSubkeyId; - private long signingSubkeyId; + private KeyIdentifier encryptionSubkeyId; + private KeyIdentifier signingSubkeyId; @BeforeEach - public void generateKey() - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public void generateKey() { secretKey = PGPainless.generateKeyRing() .modernKeyRing(userId, originalPassphrase); KeyRingInfo info = PGPainless.inspectKeyRing(secretKey); primaryKeyId = info.getKeyIdentifier().getKeyId(); - encryptionSubkeyId = info.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getKeyID(); - signingSubkeyId = info.getSigningSubkeys().get(0).getKeyID(); + encryptionSubkeyId = info.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getKeyIdentifier(); + signingSubkeyId = info.getSigningSubkeys().get(0).getKeyIdentifier(); } /** @@ -75,7 +75,7 @@ public class ModifyKeys { * This example demonstrates how to export a secret key or certificate to an ASCII armored string. */ @Test - public void toAsciiArmoredString() throws IOException { + public void toAsciiArmoredString() { PGPPublicKeyRing certificate = PGPainless.extractCertificate(secretKey); String asciiArmoredSecretKey = PGPainless.asciiArmor(secretKey); @@ -111,7 +111,7 @@ public class ModifyKeys { public void changeSingleSubkeyPassphrase() throws PGPException { secretKey = PGPainless.modifyKeyRing(secretKey) // Here we change the passphrase of the encryption subkey - .changeSubKeyPassphraseFromOldPassphrase(encryptionSubkeyId, Passphrase.fromPassword(originalPassphrase)) + .changeSubKeyPassphraseFromOldPassphrase(encryptionSubkeyId.getKeyId(), Passphrase.fromPassword(originalPassphrase)) .withSecureDefaultSettings() .toNewPassphrase(Passphrase.fromPassword("cryptP4ssphr4s3")) .done(); @@ -147,13 +147,13 @@ public class ModifyKeys { * This example demonstrates how to add an additional subkey to an existing key. * Prerequisites are a {@link SecretKeyRingProtector} that is capable of unlocking the primary key of the existing key, * and a {@link Passphrase} for the new subkey. - * + *

* There are two ways to add a subkey into an existing key; * Either the subkey gets generated on the fly (see below), * or the subkey already exists. In the latter case, the user has to provide * {@link org.bouncycastle.openpgp.PGPSignatureSubpacketVector PGPSignatureSubpacketVectors} for the binding signature * manually. - * + *

* Once the subkey is added, it can be decrypted using the provided subkey passphrase. */ @Test @@ -173,9 +173,9 @@ public class ModifyKeys { KeyRingInfo info = PGPainless.inspectKeyRing(secretKey); assertEquals(4, info.getSecretKeys().size()); assertEquals(4, info.getPublicKeys().size()); - List encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.COMMUNICATIONS); + List encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.COMMUNICATIONS); assertEquals(2, encryptionSubkeys.size()); - UnlockSecretKey.unlockSecretKey(secretKey.getSecretKey(encryptionSubkeys.get(1).getKeyID()), subkeyPassphrase); + UnlockSecretKey.unlockSecretKey(secretKey.getSecretKey(encryptionSubkeys.get(1).getKeyIdentifier()), subkeyPassphrase); } /** diff --git a/pgpainless-core/src/test/java/org/pgpainless/example/Sign.java b/pgpainless-core/src/test/java/org/pgpainless/example/Sign.java index 06228c75..b3181369 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/example/Sign.java +++ b/pgpainless-core/src/test/java/org/pgpainless/example/Sign.java @@ -12,13 +12,11 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.nio.charset.StandardCharsets; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSignature; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; @@ -38,7 +36,7 @@ public class Sign { private static SecretKeyRingProtector protector; @BeforeAll - public static void prepare() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public static void prepare() { secretKey = PGPainless.generateKeyRing().modernKeyRing("Emilia Example "); protector = SecretKeyRingProtector.unprotectedKeys(); // no password } @@ -94,8 +92,8 @@ public class Sign { EncryptionResult result = signingStream.getResult(); - PGPPublicKey signingKey = PGPainless.inspectKeyRing(secretKey).getSigningSubkeys().get(0); - PGPSignature signature = result.getDetachedSignatures().get(new SubkeyIdentifier(secretKey, signingKey.getKeyID())).iterator().next(); + OpenPGPCertificate.OpenPGPComponentKey signingKey = PGPainless.inspectKeyRing(secretKey).getSigningSubkeys().get(0); + PGPSignature signature = result.getDetachedSignatures().get(new SubkeyIdentifier(secretKey, signingKey.getKeyIdentifier())).iterator().next(); String detachedSignature = ArmorUtils.toAsciiArmoredString(signature.getEncoded()); assertTrue(detachedSignature.startsWith("-----BEGIN PGP SIGNATURE-----")); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/KeyGenerationSubpacketsTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/KeyGenerationSubpacketsTest.java index 6ebe74b3..9900f55b 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/KeyGenerationSubpacketsTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/KeyGenerationSubpacketsTest.java @@ -18,10 +18,10 @@ import java.util.List; import org.bouncycastle.bcpg.sig.IssuerFingerprint; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignatureSubpacketVector; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.HashAlgorithm; @@ -107,7 +107,7 @@ public class KeyGenerationSubpacketsTest { throws PGPException { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("Alice"); KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys); - List keysBefore = info.getPublicKeys(); + List keysBefore = info.getPublicKeys(); secretKeys = PGPainless.modifyKeyRing(secretKeys) .addSubKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.SIGN_DATA).build(), @@ -116,12 +116,12 @@ public class KeyGenerationSubpacketsTest { info = PGPainless.inspectKeyRing(secretKeys); - List keysAfter = new ArrayList<>(info.getPublicKeys()); + List keysAfter = new ArrayList<>(info.getPublicKeys()); keysAfter.removeAll(keysBefore); assertEquals(1, keysAfter.size()); - PGPPublicKey newSigningKey = keysAfter.get(0); + OpenPGPCertificate.OpenPGPComponentKey newSigningKey = keysAfter.get(0); - PGPSignature bindingSig = info.getCurrentSubkeyBindingSignature(newSigningKey.getKeyID()); + PGPSignature bindingSig = info.getCurrentSubkeyBindingSignature(newSigningKey.getKeyIdentifier().getKeyId()); assertNotNull(bindingSig); assureSignatureHasDefaultSubpackets(bindingSig, secretKeys, KeyFlag.SIGN_DATA); assertNotNull(bindingSig.getHashedSubPackets().getEmbeddedSignatures().get(0)); @@ -142,8 +142,8 @@ public class KeyGenerationSubpacketsTest { keysAfter.removeAll(keysBefore); keysAfter.remove(newSigningKey); assertEquals(1, keysAfter.size()); - PGPPublicKey newEncryptionKey = keysAfter.get(0); - bindingSig = info.getCurrentSubkeyBindingSignature(newEncryptionKey.getKeyID()); + OpenPGPCertificate.OpenPGPComponentKey newEncryptionKey = keysAfter.get(0); + bindingSig = info.getCurrentSubkeyBindingSignature(newEncryptionKey.getKeyIdentifier().getKeyId()); assertNotNull(bindingSig); assertNull(bindingSig.getHashedSubPackets().getIssuerFingerprint()); assertEquals(KeyFlag.toBitmask(KeyFlag.ENCRYPT_COMMS), bindingSig.getHashedSubPackets().getKeyFlags()); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java index ca284cdc..8b1877ee 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java @@ -25,10 +25,11 @@ import java.util.NoSuchElementException; import java.util.Set; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; +import org.bouncycastle.openpgp.api.OpenPGPKey; import org.junit.JUtils; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.TestTemplate; @@ -162,7 +163,7 @@ public class KeyRingInfoTest { PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys); - assertEquals(KeyRingUtils.requirePrimarySecretKeyFrom(secretKeys), info.getSecretKey()); + assertEquals(KeyRingUtils.requirePrimarySecretKeyFrom(secretKeys), info.getSecretKey().getPGPSecretKey()); info = PGPainless.inspectKeyRing(publicKeys); assertNull(info.getSecretKey()); @@ -173,7 +174,7 @@ public class KeyRingInfoTest { PGPSecretKeyRing secretKeys = TestKeys.getCryptieSecretKeyRing(); KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys); - assertEquals(KeyRingUtils.requirePrimaryPublicKeyFrom(secretKeys), info.getPublicKey()); + assertEquals(KeyRingUtils.requirePrimaryPublicKeyFrom(secretKeys), info.getPublicKey().getPGPPublicKey()); assertEquals(KeyRingUtils.requirePrimarySecretKeyFrom(secretKeys), KeyRingUtils.requireSecretKeyFrom(secretKeys, secretKeys.getPublicKey().getKeyID())); @@ -229,7 +230,7 @@ public class KeyRingInfoTest { KeyFlag.ENCRYPT_STORAGE)) .addSubkey(KeySpec.getBuilder( KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.SIGN_DATA)) - .addUserId(UserId.newBuilder().withName("Alice").withEmail("alice@pgpainless.org").build()) + .addUserId(UserId.builder().withName("Alice").withEmail("alice@pgpainless.org").build()) .build(); Iterator keys = secretKeys.iterator(); @@ -256,17 +257,17 @@ public class KeyRingInfoTest { KeyRingInfo info = new KeyRingInfo(secretKeys); - List encryptionKeys = info.getKeysWithKeyFlag(KeyFlag.ENCRYPT_STORAGE); + List encryptionKeys = info.getKeysWithKeyFlag(KeyFlag.ENCRYPT_STORAGE); assertEquals(1, encryptionKeys.size()); - assertEquals(encryptionKey.getKeyID(), encryptionKeys.get(0).getKeyID()); + assertEquals(encryptionKey.getKeyIdentifier(), encryptionKeys.get(0).getKeyIdentifier()); - List signingKeys = info.getKeysWithKeyFlag(KeyFlag.SIGN_DATA); + List signingKeys = info.getKeysWithKeyFlag(KeyFlag.SIGN_DATA); assertEquals(1, signingKeys.size()); - assertEquals(signingKey.getKeyID(), signingKeys.get(0).getKeyID()); + assertEquals(signingKey.getKeyIdentifier(), signingKeys.get(0).getKeyIdentifier()); - List certKeys = info.getKeysWithKeyFlag(KeyFlag.CERTIFY_OTHER); + List certKeys = info.getKeysWithKeyFlag(KeyFlag.CERTIFY_OTHER); assertEquals(1, certKeys.size()); - assertEquals(primaryKey.getKeyID(), certKeys.get(0).getKeyID()); + assertEquals(primaryKey.getKeyIdentifier(), certKeys.get(0).getKeyIdentifier()); assertNotNull(info.getPrimaryKeyExpirationDate()); assertEquals(primaryKeyExpiration.getTime(), info.getPrimaryKeyExpirationDate().getTime(), 5); @@ -522,14 +523,15 @@ public class KeyRingInfoTest { } @Test - public void getSecretKeyTest() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public void getSecretKeyTest() { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("Alice"); + OpenPGPKey key = new OpenPGPKey(secretKeys); KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys); OpenPgpV4Fingerprint primaryKeyFingerprint = new OpenPgpV4Fingerprint(secretKeys); - PGPSecretKey primaryKey = info.getSecretKey(primaryKeyFingerprint); + OpenPGPKey.OpenPGPSecretKey primaryKey = info.getSecretKey(primaryKeyFingerprint); - assertEquals(secretKeys.getSecretKey(), primaryKey); + assertEquals(key.getPrimarySecretKey().getKeyIdentifier(), primaryKey.getKeyIdentifier()); } @Test @@ -693,12 +695,16 @@ public class KeyRingInfoTest { assertFalse(info.isKeyValidlyBound(unboundKey.getKeyId())); - List encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY); - assertTrue(encryptionSubkeys.stream().map(OpenPgpV4Fingerprint::new).noneMatch(f -> f.equals(unboundKey)), + List encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY); + assertTrue(encryptionSubkeys.stream() + .map(it -> new OpenPgpV4Fingerprint(it.getPGPPublicKey())) + .noneMatch(f -> f.equals(unboundKey)), "Unbound subkey MUST NOT be considered a valid encryption subkey"); - List signingSubkeys = info.getSigningSubkeys(); - assertTrue(signingSubkeys.stream().map(OpenPgpV4Fingerprint::new).noneMatch(f -> f.equals(unboundKey)), + List signingSubkeys = info.getSigningSubkeys(); + assertTrue(signingSubkeys.stream() + .map(it -> new OpenPgpV4Fingerprint(it.getPGPPublicKey())) + .noneMatch(f -> f.equals(unboundKey)), "Unbound subkey MUST NOT be considered a valid signing subkey"); assertTrue(info.getKeyFlagsOf(unboundKey.getKeyId()).isEmpty()); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubkeyWithModifiedBindingSignatureSubpacketsTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubkeyWithModifiedBindingSignatureSubpacketsTest.java index 1c659e42..dce54107 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubkeyWithModifiedBindingSignatureSubpacketsTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubkeyWithModifiedBindingSignatureSubpacketsTest.java @@ -14,9 +14,9 @@ import java.util.List; import org.bouncycastle.bcpg.sig.NotationData; import org.bouncycastle.openpgp.PGPKeyPair; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSignature; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.junit.JUtils; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; @@ -59,19 +59,19 @@ public class AddSubkeyWithModifiedBindingSignatureSubpacketsTest { .done(); KeyRingInfo after = PGPainless.inspectKeyRing(secretKeys); - List signingKeys = after.getSigningSubkeys(); + List signingKeys = after.getSigningSubkeys(); signingKeys.removeAll(before.getSigningSubkeys()); assertFalse(signingKeys.isEmpty()); - PGPPublicKey newKey = signingKeys.get(0); - Date newExpirationDate = after.getSubkeyExpirationDate(new OpenPgpV4Fingerprint(newKey)); + OpenPGPCertificate.OpenPGPComponentKey newKey = signingKeys.get(0); + Date newExpirationDate = after.getSubkeyExpirationDate(new OpenPgpV4Fingerprint(newKey.getPGPPublicKey())); assertNotNull(newExpirationDate); Date now = new Date(); JUtils.assertEquals( now.getTime() + MILLIS_IN_SEC * secondsUntilExpiration, newExpirationDate.getTime(), 2 * MILLIS_IN_SEC); - assertTrue(newKey.getSignatures().hasNext()); - PGPSignature binding = newKey.getSignatures().next(); + assertTrue(newKey.getPGPPublicKey().getSignatures().hasNext()); + PGPSignature binding = newKey.getPGPPublicKey().getSignatures().next(); List notations = SignatureSubpacketsUtil.getHashedNotationData(binding); assertEquals(1, notations.size()); assertEquals("test@test.test", notations.get(0).getNotationName()); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/modification/ChangeSubkeyExpirationTimeTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/modification/ChangeSubkeyExpirationTimeTest.java index e1926b67..94cc71a1 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/modification/ChangeSubkeyExpirationTimeTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/modification/ChangeSubkeyExpirationTimeTest.java @@ -4,8 +4,8 @@ package org.pgpainless.key.modification; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.junit.JUtils; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; @@ -28,17 +28,17 @@ public class ChangeSubkeyExpirationTimeTest { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("Alice"); Date now = secretKeys.getPublicKey().getCreationTime(); Date inAnHour = new Date(now.getTime() + 1000 * 60 * 60); - PGPPublicKey encryptionKey = PGPainless.inspectKeyRing(secretKeys) + OpenPGPCertificate.OpenPGPComponentKey encryptionKey = PGPainless.inspectKeyRing(secretKeys) .getEncryptionSubkeys(EncryptionPurpose.ANY).get(0); secretKeys = PGPainless.modifyKeyRing(secretKeys) .setExpirationDateOfSubkey( inAnHour, - encryptionKey.getKeyID(), + encryptionKey.getKeyIdentifier().getKeyId(), SecretKeyRingProtector.unprotectedKeys()) .done(); JUtils.assertDateEquals(inAnHour, PGPainless.inspectKeyRing(secretKeys) - .getSubkeyExpirationDate(OpenPgpFingerprint.of(encryptionKey))); + .getSubkeyExpirationDate(OpenPgpFingerprint.of(encryptionKey.getPGPPublicKey()))); } @Test diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/modification/RevokeSubKeyTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/modification/RevokeSubKeyTest.java index ee6f0de3..992df1da 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/modification/RevokeSubKeyTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/modification/RevokeSubKeyTest.java @@ -13,8 +13,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import java.util.Iterator; import org.bouncycastle.bcpg.sig.IssuerFingerprint; @@ -127,11 +125,11 @@ public class RevokeSubKeyTest { @Test public void inspectSubpacketsOnDefaultRevocationSignature() - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + throws PGPException { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("Alice"); SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys(); PGPPublicKey encryptionSubkey = PGPainless.inspectKeyRing(secretKeys) - .getEncryptionSubkeys(EncryptionPurpose.ANY).get(0); + .getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getPGPPublicKey(); secretKeys = PGPainless.modifyKeyRing(secretKeys) .revokeSubKey(encryptionSubkey.getKeyID(), protector) @@ -151,12 +149,11 @@ public class RevokeSubKeyTest { } @Test - public void inspectSubpacketsOnModifiedRevocationSignature() - throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public void inspectSubpacketsOnModifiedRevocationSignature() { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("Alice"); SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys(); PGPPublicKey encryptionSubkey = PGPainless.inspectKeyRing(secretKeys) - .getEncryptionSubkeys(EncryptionPurpose.ANY).get(0); + .getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getPGPPublicKey(); secretKeys = PGPainless.modifyKeyRing(secretKeys) .revokeSubKey(encryptionSubkey.getKeyID(), protector, new RevocationSignatureSubpackets.Callback() { diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureSubpacketsUtilTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureSubpacketsUtilTest.java index 1caeb9e9..3d862ddf 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureSubpacketsUtilTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureSubpacketsUtilTest.java @@ -13,8 +13,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import java.time.temporal.ChronoUnit; import java.util.Arrays; import java.util.Date; @@ -30,11 +28,11 @@ import org.bouncycastle.bcpg.sig.RevocationKey; import org.bouncycastle.bcpg.sig.TrustSignature; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPrivateKey; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignatureGenerator; import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.CompressionAlgorithm; @@ -52,7 +50,7 @@ import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil; public class SignatureSubpacketsUtilTest { @Test - public void testGetKeyExpirationTimeAsDate() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + public void testGetKeyExpirationTimeAsDate() { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() .modernKeyRing("Expire"); Date expiration = Date.from(new Date().toInstant().plus(365, ChronoUnit.DAYS)); @@ -62,10 +60,10 @@ public class SignatureSubpacketsUtilTest { PGPSignature expirationSig = SignaturePicker.pickCurrentUserIdCertificationSignature( secretKeys, "Expire", Policy.getInstance(), new Date()); - PGPPublicKey notTheRightKey = PGPainless.inspectKeyRing(secretKeys).getSigningSubkeys().get(0); + OpenPGPCertificate.OpenPGPComponentKey notTheRightKey = PGPainless.inspectKeyRing(secretKeys).getSigningSubkeys().get(0); assertThrows(IllegalArgumentException.class, () -> - SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(expirationSig, notTheRightKey)); + SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(expirationSig, notTheRightKey.getPGPPublicKey())); } @Test diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/builder/SubkeyAndPrimaryKeyBindingSignatureTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/builder/SubkeyAndPrimaryKeyBindingSignatureTest.java index e44af522..e4275636 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/builder/SubkeyAndPrimaryKeyBindingSignatureTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/builder/SubkeyAndPrimaryKeyBindingSignatureTest.java @@ -14,10 +14,10 @@ import java.util.HashSet; import java.util.Set; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSignature; +import org.bouncycastle.openpgp.api.OpenPGPCertificate; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.EncryptionPurpose; @@ -37,10 +37,11 @@ public class SubkeyAndPrimaryKeyBindingSignatureTest { KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys); PGPSecretKey primaryKey = secretKeys.getSecretKey(); - PGPPublicKey encryptionSubkey = info.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0); + OpenPGPCertificate.OpenPGPComponentKey encryptionSubkey = + info.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0); assertNotNull(encryptionSubkey); - Set hashAlgorithmSet = info.getPreferredHashAlgorithms(encryptionSubkey.getKeyID()); + Set hashAlgorithmSet = info.getPreferredHashAlgorithms(encryptionSubkey.getKeyIdentifier()); assertEquals( new HashSet<>(Arrays.asList( HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256, HashAlgorithm.SHA224)), @@ -55,10 +56,10 @@ public class SubkeyAndPrimaryKeyBindingSignatureTest { } }); - PGPSignature binding = sbb.build(encryptionSubkey); - secretKeys = KeyRingUtils.injectCertification(secretKeys, encryptionSubkey, binding); + PGPSignature binding = sbb.build(encryptionSubkey.getPGPPublicKey()); + secretKeys = KeyRingUtils.injectCertification(secretKeys, encryptionSubkey.getPGPPublicKey(), binding); info = PGPainless.inspectKeyRing(secretKeys); - assertEquals(Collections.singleton(HashAlgorithm.SHA512), info.getPreferredHashAlgorithms(encryptionSubkey.getKeyID())); + assertEquals(Collections.singleton(HashAlgorithm.SHA512), info.getPreferredHashAlgorithms(encryptionSubkey.getKeyIdentifier())); } }