From 65f341f68713c9bcb81df83d28821b77e3c685a7 Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Thu, 8 May 2025 14:56:35 +0200
Subject: [PATCH] Remove usage of OpenPgpKeyAttributeUtil
---
 .../java/org/pgpainless/key/package-info.java | 8 --
 .../key/util/OpenPgpKeyAttributeUtil.java | 113 ------------------
 .../org/pgpainless/key/util/package-info.java | 8 --
 .../builder/AbstractSignatureBuilder.kt | 21 +---
 .../util/GuessPreferredHashAlgorithmTest.java | 43 -------
 5 files changed, 5 insertions(+), 188 deletions(-)
 delete mode 100644 pgpainless-core/src/main/java/org/pgpainless/key/package-info.java
 delete mode 100644 pgpainless-core/src/main/java/org/pgpainless/key/util/OpenPgpKeyAttributeUtil.java
 delete mode 100644 pgpainless-core/src/main/java/org/pgpainless/key/util/package-info.java
 delete mode 100644 pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java
diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/package-info.java b/pgpainless-core/src/main/java/org/pgpainless/key/package-info.java
deleted file mode 100644
index 060cd540..00000000
--- a/pgpainless-core/src/main/java/org/pgpainless/key/package-info.java
+++ /dev/null
@@ -1,8 +0,0 @@
-// SPDX-FileCopyrightText: 2018 Paul Schaub
-//
-// SPDX-License-Identifier: Apache-2.0
-
-/**
- * Classes related to OpenPGP keys.
- */
-package org.pgpainless.key;
diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/util/OpenPgpKeyAttributeUtil.java b/pgpainless-core/src/main/java/org/pgpainless/key/util/OpenPgpKeyAttributeUtil.java
deleted file mode 100644
index f7a78404..00000000
--- a/pgpainless-core/src/main/java/org/pgpainless/key/util/OpenPgpKeyAttributeUtil.java
+++ /dev/null
@@ -1,113 +0,0 @@
-// SPDX-FileCopyrightText: 2020 Paul Schaub
-//
-// SPDX-License-Identifier: Apache-2.0
-
-package org.pgpainless.key.util;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.openpgp.PGPPublicKey;
-import org.bouncycastle.openpgp.PGPSignature;
-import org.pgpainless.algorithm.HashAlgorithm;
-import org.pgpainless.algorithm.SignatureType;
-
-public final class OpenPgpKeyAttributeUtil {
-
- private OpenPgpKeyAttributeUtil() {
-
- }
-
- public static List getPreferredHashAlgorithms(PGPPublicKey publicKey) {
- List hashAlgorithms = new ArrayList<>();
- Iterator keySignatures = publicKey.getSignatures();
- while (keySignatures.hasNext()) {
- PGPSignature signature = (PGPSignature) keySignatures.next();
-
- if (signature.getKeyID() != publicKey.getKeyID()) {
- // Signature from a foreign key. Skip.
- continue;
- }
-
- SignatureType signatureType = SignatureType.fromCode(signature.getSignatureType());
- if (signatureType == null) {
- // unknown signature type
- continue;
- }
- if (signatureType == SignatureType.POSITIVE_CERTIFICATION
- || signatureType == SignatureType.GENERIC_CERTIFICATION) {
- int[] hashAlgos = signature.getHashedSubPackets().getPreferredHashAlgorithms();
- if (hashAlgos == null) {
- continue;
- }
- for (int h : hashAlgos) {
- HashAlgorithm algorithm = HashAlgorithm.fromId(h);
- if (algorithm != null) {
- hashAlgorithms.add(algorithm);
- }
- }
- // Exit the loop after the first key signature with hash algorithms.
- break;
- }
- }
- return hashAlgorithms;
- }
-
- /**
- * Return the hash algorithm that was used in the latest self signature.
- *
- * @param publicKey public key
- * @return list of hash algorithm
- */
- public static List guessPreferredHashAlgorithms(PGPPublicKey publicKey) {
- HashAlgorithm hashAlgorithm = null;
- Date lastCreationDate = null;
-
- Iterator keySignatures = publicKey.getSignatures();
- while (keySignatures.hasNext()) {
- PGPSignature signature = (PGPSignature) keySignatures.next();
- if (signature.getKeyID() != publicKey.getKeyID()) {
- continue;
- }
-
- SignatureType signatureType = SignatureType.fromCode(signature.getSignatureType());
- if (signatureType == null || signatureType != SignatureType.POSITIVE_CERTIFICATION
- && signatureType != SignatureType.GENERIC_CERTIFICATION) {
- continue;
- }
-
- Date creationDate = signature.getCreationTime();
- if (lastCreationDate == null || lastCreationDate.before(creationDate)) {
- lastCreationDate = creationDate;
- hashAlgorithm = HashAlgorithm.fromId(signature.getHashAlgorithm());
- }
- }
-
- if (hashAlgorithm == null) {
- return Collections.emptyList();
- }
- return Collections.singletonList(hashAlgorithm);
- }
-
- /**
- * Try to extract hash algorithm preferences from self signatures.
- * If no self-signature containing hash algorithm preferences is found,
- * try to derive a hash algorithm preference by inspecting the hash algorithm used by existing
- * self-signatures.
- *
- * @param publicKey key
- * @return hash algorithm preferences (might be empty!)
- */
- public static Set getOrGuessPreferredHashAlgorithms(PGPPublicKey publicKey) {
- List preferredHashAlgorithms = OpenPgpKeyAttributeUtil.getPreferredHashAlgorithms(publicKey);
- if (preferredHashAlgorithms.isEmpty()) {
- preferredHashAlgorithms = OpenPgpKeyAttributeUtil.guessPreferredHashAlgorithms(publicKey);
- }
- return new LinkedHashSet<>(preferredHashAlgorithms);
- }
-}
diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/util/package-info.java b/pgpainless-core/src/main/java/org/pgpainless/key/util/package-info.java
deleted file mode 100644
index 4609c126..00000000
--- a/pgpainless-core/src/main/java/org/pgpainless/key/util/package-info.java
+++ /dev/null
@@ -1,8 +0,0 @@
-// SPDX-FileCopyrightText: 2020 Paul Schaub
-//
-// SPDX-License-Identifier: Apache-2.0
-
-/**
- * Utility functions to deal with OpenPGP keys.
- */
-package org.pgpainless.key.util;
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
index 4fa7ba31..cc2fb19d 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
@@ -6,7 +6,6 @@ package org.pgpainless.signature.builder import java.util.function.Predicate import org.bouncycastle.openpgp.PGPException -import org.bouncycastle.openpgp.PGPPublicKey import org.bouncycastle.openpgp.PGPSignature import org.bouncycastle.openpgp.PGPSignatureGenerator import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
@@ -14,10 +13,9 @@ import org.bouncycastle.openpgp.api.OpenPGPKey import org.pgpainless.PGPainless import org.pgpainless.algorithm.HashAlgorithm import org.pgpainless.algorithm.SignatureType -import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator +import org.pgpainless.bouncycastle.extensions.toHashAlgorithms import org.pgpainless.key.protection.SecretKeyRingProtector import org.pgpainless.key.protection.UnlockSecretKey -import org.pgpainless.key.util.OpenPgpKeyAttributeUtil import org.pgpainless.signature.subpackets.SignatureSubpackets import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper
@@ -127,20 +125,11 @@ abstract class AbstractSignatureBuilder>( companion object { - /** - * Negotiate a [HashAlgorithm] to be used when creating the signature. - * - * @param publicKey signing public key - * @return hash algorithm - */ - @JvmStatic - fun negotiateHashAlgorithm(publicKey: PGPPublicKey, api: PGPainless): HashAlgorithm = - HashAlgorithmNegotiator.negotiateSignatureHashAlgorithm(api.algorithmPolicy) - .negotiateHashAlgorithm( - OpenPgpKeyAttributeUtil.getOrGuessPreferredHashAlgorithms(publicKey)) - @JvmStatic fun negotiateHashAlgorithm(key: OpenPGPComponentKey, api: PGPainless): HashAlgorithm = - negotiateHashAlgorithm(key.pgpPublicKey, api) + key.hashAlgorithmPreferences?.toHashAlgorithms()?.first { + api.algorithmPolicy.dataSignatureHashAlgorithmPolicy.isAcceptable(it) + } + ?: api.algorithmPolicy.dataSignatureHashAlgorithmPolicy.defaultHashAlgorithm } }
diff --git a/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java b/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java
deleted file mode 100644
index 136f0eef..00000000
--- a/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java
+++ /dev/null
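Review bot: In the new body of `negotiateHashAlgorithm(key: OpenPGPComponentKey, api: PGPainless)`, `first { … }` throws `NoSuchElementException` when no preference passes `isAcceptable`, so the `?:` fallback to `defaultHashAlgorithm` is reached only when `hashAlgorithmPreferences` itself is null (assuming `toHashAlgorithms()`, which is defined outside this diff, returns an ordinary Kotlin collection). A key whose preference list is empty, or lists only algorithms the policy rejects, would then make signature creation fail instead of signing with the policy default. Use `key.hashAlgorithmPreferences?.toHashAlgorithms()?.firstOrNull { api.algorithmPolicy.dataSignatureHashAlgorithmPolicy.isAcceptable(it) }` and keep the elvis branch as it is. The KDoc deleted with the `PGPPublicKey` overload is not carried over to the remaining function; a short comment such as `// first key preference accepted by the policy, else the policy default` would record the selection rule. Removing that `@JvmStatic` overload also breaks existing Java callers, which deserves a changelog line.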
@@ -1,43 +0,0 @@
-// SPDX-FileCopyrightText: 2021 Paul Schaub
-//
-// SPDX-License-Identifier: Apache-2.0
-
-package org.pgpainless.util;
-
-import static org.junit.jupiter.api.Assertions.assertEquals;
-
-import java.util.Collections;
-
-import org.bouncycastle.openpgp.PGPPublicKey;
-import org.bouncycastle.openpgp.PGPSecretKeyRing;
-import org.junit.jupiter.api.Test;
-import org.pgpainless.PGPainless;
-import org.pgpainless.algorithm.AlgorithmSuite;
-import org.pgpainless.algorithm.HashAlgorithm;
-import org.pgpainless.algorithm.KeyFlag;
-import org.pgpainless.algorithm.OpenPGPKeyVersion;
-import org.pgpainless.key.generation.KeySpec;
-import org.pgpainless.key.generation.type.KeyType;
-import org.pgpainless.key.generation.type.eddsa_legacy.EdDSALegacyCurve;
-import org.pgpainless.key.util.OpenPgpKeyAttributeUtil;
-
-public class GuessPreferredHashAlgorithmTest {
-
- @Test
- public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() {
- PGPainless api = PGPainless.getInstance();
- PGPSecretKeyRing secretKeys = api.buildKey(OpenPGPKeyVersion.v4)
- .withPreferences(AlgorithmSuite.emptyBuilder().build())
- .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519),
- KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
- .addUserId("test@test.test")
- .build()
- .getPGPSecretKeyRing();
-
- PGPPublicKey publicKey = secretKeys.getPublicKey();
- assertEquals(Collections.emptyList(),
- OpenPgpKeyAttributeUtil.getPreferredHashAlgorithms(publicKey));
- assertEquals(Collections.singletonList(HashAlgorithm.SHA512),
- OpenPgpKeyAttributeUtil.guessPreferredHashAlgorithms(publicKey));
- }
-}