Migrate from MissingPublicKeyCallback to OpenPGPCertifcateProvider

2025-12-08 13:21:09 +01:00 · 2025-02-24 12:33:04 +01:00 · 2025-02-24 12:33:04 +01:00 · 674696d551
commit 674696d551
parent dca52ee0be
4 changed files with 15 additions and 42 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/ConsumerOptions.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/ConsumerOptions.kt
@ -12,6 +12,7 @@ import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.api.OpenPGPCertificate
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.openpgp.api.OpenPGPKey
+import org.bouncycastle.openpgp.api.OpenPGPKeyMaterialProvider.OpenPGPCertificateProvider
 import org.bouncycastle.openpgp.api.OpenPGPSignature.OpenPGPDocumentSignature
 import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory
 import org.pgpainless.PGPainless
@ -34,7 +35,7 @@ class ConsumerOptions {

    private val certificates = CertificateSource()
    private val detachedSignatures = mutableSetOf<PGPSignature>()
-    private var missingCertificateCallback: MissingPublicKeyCallback? = null
+    private var missingCertificateCallback: OpenPGPCertificateProvider? = null

    private var sessionKey: SessionKey? = null
    private val customDecryptorFactories =
@ -164,9 +165,10 @@ class ConsumerOptions {
     * @param callback callback
     * @return options
     */
-    fun setMissingCertificateCallback(callback: MissingPublicKeyCallback): ConsumerOptions = apply {
-        this.missingCertificateCallback = callback
-    }
+    fun setMissingCertificateCallback(callback: OpenPGPCertificateProvider): ConsumerOptions =
+        apply {
+            this.missingCertificateCallback = callback
+        }

    /**
     * Attempt decryption using a session key.
@ -283,7 +285,7 @@ class ConsumerOptions {
     *
     * @return missing public key callback
     */
-    fun getMissingCertificateCallback(): MissingPublicKeyCallback? = missingCertificateCallback
+    fun getMissingCertificateCallback(): OpenPGPCertificateProvider? = missingCertificateCallback

    /**
     * Return the [SecretKeyRingProtector] for the given [PGPSecretKeyRing].
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/MissingPublicKeyCallback.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/MissingPublicKeyCallback.kt
@ -1,28 +0,0 @@
-// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
-//
-// SPDX-License-Identifier: Apache-2.0
-
-package org.pgpainless.decryption_verification
-
-import org.bouncycastle.bcpg.KeyIdentifier
-import org.bouncycastle.openpgp.api.OpenPGPCertificate
-
-fun interface MissingPublicKeyCallback {
-
-    /**
-     * This method gets called if we encounter a signature made by a key which was not provided for
-     * signature verification. If you cannot provide the requested key, it is safe to return null
-     * here. PGPainless will then continue verification with the next signature.
-     *
-     * Note: The key-id might belong to a subkey, so be aware that when looking up the
-     * [OpenPGPCertificate], you may not only search for the key-id on the key rings primary key!
-     *
-     * It would be super cool to provide the OpenPgp fingerprint here, but unfortunately
-     * one-pass-signatures only contain the key id.
-     *
-     * @param keyIdentifier ID of the missing signing (sub)key
-     * @return keyring containing the key or null
-     * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.4">RFC</a>
-     */
-    fun onMissingPublicKeyEncountered(keyIdentifier: KeyIdentifier): OpenPGPCertificate?
-}
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
@ -912,7 +912,7 @@ class OpenPgpMessageInputStream(
            if (options.getMissingCertificateCallback() != null) {
                return options
                    .getMissingCertificateCallback()!!
-                    .onMissingPublicKeyEncountered(signature.keyIdentifiers.first())
+                    .provide(signature.keyIdentifiers.first())
            }
            return null // TODO: Missing cert for sig
        }
@ -924,9 +924,7 @@ class OpenPgpMessageInputStream(
            }

            if (options.getMissingCertificateCallback() != null) {
-                return options
-                    .getMissingCertificateCallback()!!
-                    .onMissingPublicKeyEncountered(signature.keyIdentifier)
+                return options.getMissingCertificateCallback()!!.provide(signature.keyIdentifier)
            }
            return null // TODO: Missing cert for sig
        }