From 46d58f230ed2d8e12cb4c5f4a37f7781b915e529 Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Wed, 2 Apr 2025 20:05:12 +0200
Subject: [PATCH] Port BcHashContextSigner and test
---
 .../encryption_signing/BcHashContextSigner.kt | 28 ++++++++++---------
 .../BcHashContextSignerTest.java | 16 ++++++-----
 2 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt
index 88e8d21d..18303dfc 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt
@@ -4,16 +4,15 @@
 package org.pgpainless.encryption_signing
-import java.security.MessageDigest
 import org.bouncycastle.openpgp.PGPException
-import org.bouncycastle.openpgp.PGPPrivateKey
-import org.bouncycastle.openpgp.PGPSecretKeyRing
-import org.bouncycastle.openpgp.PGPSignature
 import org.bouncycastle.openpgp.PGPSignatureGenerator
+import org.bouncycastle.openpgp.api.OpenPGPKey
+import org.bouncycastle.openpgp.api.OpenPGPSignature.OpenPGPDocumentSignature
 import org.pgpainless.PGPainless
 import org.pgpainless.algorithm.SignatureType
-import org.pgpainless.bouncycastle.extensions.unlock
 import org.pgpainless.key.protection.SecretKeyRingProtector
+import org.pgpainless.key.protection.UnlockSecretKey
+import java.security.MessageDigest
 class BcHashContextSigner {
@@ -22,15 +21,15 @@ class BcHashContextSigner {
 fun signHashContext(
 hashContext: MessageDigest,
 signatureType: SignatureType,
- secretKey: PGPSecretKeyRing,
+ secretKey: OpenPGPKey,
 protector: SecretKeyRingProtector
- ): PGPSignature {
- val info = PGPainless.inspectKeyRing(secretKey)
+ ): OpenPGPDocumentSignature {
+ val info = PGPainless.getInstance().inspect(secretKey)
 return info.signingSubkeys
 .mapNotNull { info.getSecretKey(it.keyIdentifier) }
 .firstOrNull()
 ?.let {
- signHashContext(hashContext, signatureType, it.pgpSecretKey.unlock(protector))
+ signHashContext(hashContext, signatureType, UnlockSecretKey.unlockSecretKey(it, protector))
 }
 ?: throw PGPException("Key does not contain suitable signing subkey.")
 }
@@ -47,11 +46,14 @@ class BcHashContextSigner {
 internal fun signHashContext(
 hashContext: MessageDigest,
 signatureType: SignatureType,
- privateKey: PGPPrivateKey
- ): PGPSignature {
- return PGPSignatureGenerator(BcPGPHashContextContentSignerBuilder(hashContext))
- .apply { init(signatureType.code, privateKey) }
+ privateKey: OpenPGPKey.OpenPGPPrivateKey
+ ): OpenPGPDocumentSignature {
+ return PGPSignatureGenerator(
+ BcPGPHashContextContentSignerBuilder(hashContext),
+ privateKey.keyPair.publicKey)
+ .apply { init(signatureType.code, privateKey.keyPair.privateKey) }
 .generate()
+ .let { OpenPGPDocumentSignature(it, privateKey.publicKey) }
 }
 }
 }
diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/BcHashContextSignerTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/BcHashContextSignerTest.java
index 660001fa..fe89af80 100644
--- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/BcHashContextSignerTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/BcHashContextSignerTest.java
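Review bot: The public `signHashContext` overload now takes an `OpenPGPKey` and returns an `OpenPGPDocumentSignature`, but its KDoc starts above this hunk and is not shown, so it may still describe the old `PGPSecretKeyRing`/`PGPSignature` contract. I would update it with something like `@return signature over the hash context, bundled with the signing subkey that issued it`. It is also worth stating there that the first entry of `info.signingSubkeys` with secret key material is the one used, and that a failed unlock in `UnlockSecretKey.unlockSecretKey` propagates to the caller (presumably as a `PGPException`; confirm against that helper).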
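Review bot: Passing `privateKey.keyPair.publicKey` to `PGPSignatureGenerator` in the internal `signHashContext` presumably lets the key version decide the signature version, and nothing here restricts which versions are accepted. A version 6 signature hashes a salt before the message data, which cannot be honoured once the caller has already fed the message into `hashContext`, so a v6 key would likely produce a signature that does not verify; whether `BcPGPHashContextContentSignerBuilder` compensates is not visible in this patch. Consider rejecting such keys up front, e.g. `if (privateKey.keyPair.publicKey.version == 6) throw PGPException("Hash-context signing is not supported for v6 keys.")`, or documenting the limitation in the KDoc.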
@@ -16,9 +16,9 @@ import java.security.NoSuchAlgorithmException;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openpgp.PGPException;
-import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.api.OpenPGPCertificate;
 import org.bouncycastle.openpgp.api.OpenPGPKey;
+import org.bouncycastle.openpgp.api.OpenPGPSignature;
 import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
@@ -66,13 +66,15 @@ public class BcHashContextSignerTest {
 @Test
 public void signContextWithRSAKeys() throws PGPException, NoSuchAlgorithmException, IOException {
- OpenPGPKey secretKeys = PGPainless.generateKeyRing().simpleRsaKeyRing("Sigfried", RsaLength._3072);
+ OpenPGPKey secretKeys = PGPainless.getInstance().generateKey()
+ .simpleRsaKeyRing("Sigfried", RsaLength._3072);
 signWithKeys(secretKeys);
 }
 @Test
 public void signContextWithEcKeys() throws PGPException, NoSuchAlgorithmException, IOException {
- OpenPGPKey secretKeys = PGPainless.generateKeyRing().simpleEcKeyRing("Sigfried");
+ OpenPGPKey secretKeys = PGPainless.getInstance().generateKey()
+ .simpleEcKeyRing("Sigfried");
 signWithKeys(secretKeys);
 }
@@ -91,8 +93,8 @@ public class BcHashContextSignerTest {
 byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);
 ByteArrayInputStream messageIn = new ByteArrayInputStream(messageBytes);
- PGPSignature signature = signMessage(messageBytes, hashAlgorithm, secretKeys);
- assertEquals(hashAlgorithm.getAlgorithmId(), signature.getHashAlgorithm());
+ OpenPGPSignature.OpenPGPDocumentSignature signature = signMessage(messageBytes, hashAlgorithm, secretKeys);
+ assertEquals(hashAlgorithm.getAlgorithmId(), signature.getSignature().getHashAlgorithm());
 DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
 .onInputStream(messageIn)
@@ -108,13 +110,13 @@ public class BcHashContextSignerTest {
 assertTrue(metadata.isVerifiedSigned());
 }
- private PGPSignature signMessage(byte[] message, HashAlgorithm hashAlgorithm, OpenPGPKey secretKeys)
+ private OpenPGPSignature.OpenPGPDocumentSignature signMessage(byte[] message, HashAlgorithm hashAlgorithm, OpenPGPKey secretKeys)
 throws NoSuchAlgorithmException {
 // Prepare the hash context
 // This would be done by the caller application
 MessageDigest messageDigest = MessageDigest.getInstance(hashAlgorithm.getAlgorithmName(), new BouncyCastleProvider());
 messageDigest.update(message);
- return BcHashContextSigner.signHashContext(messageDigest, SignatureType.BINARY_DOCUMENT, secretKeys.getPGPSecretKeyRing(), SecretKeyRingProtector.unprotectedKeys());
+ return BcHashContextSigner.signHashContext(messageDigest, SignatureType.BINARY_DOCUMENT, secretKeys, SecretKeyRingProtector.unprotectedKeys());
 }
 }
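Review bot: `signMessage` only ever passes `SecretKeyRingProtector.unprotectedKeys()`, so the unlock path that this port moved to `UnlockSecretKey.unlockSecretKey` is never exercised with a passphrase-protected key or with a wrong passphrase. A case that signs with a protected key, and one that expects the failure on a wrong passphrase, would cover the changed code. Since the helper now returns an `OpenPGPDocumentSignature`, the caller could also assert that the issuer it carries is a signing subkey of `secretKeys`; in the visible hunks the hash algorithm is the only property checked on the returned object.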