PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-09 10:19:39 +02:00
Code Issues Releases Wiki Activity

Rename new CertifyCertificate API methods and add revocation methods

Browse source
This commit is contained in:
Paul Schaub 2025-03-26 15:01:30 +01:00
parent a8cbd36a52
commit 8c58ca620d
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
4 changed files with 47 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

11
pgpainless-core/src/main/kotlin/org/pgpainless/key/certification/CertifyCertificate.kt
View file

@ -48,7 +48,7 @@ class CertifyCertificate(private val api: PGPainless) {
* @return API
*/
@JvmOverloads
fun userIdOnCertificate(
fun certifyUserId(
userId: CharSequence,
certificate: OpenPGPCertificate,
certificationType: CertificationType = CertificationType.GENERIC
@ -62,7 +62,8 @@ class CertifyCertificate(private val api: PGPainless) {
* @param certificate certificate
* @return API
*/
@Deprecated("Pass in an OpenPGPCertificate instead of PGPPublicKeyRing.")
@Deprecated(
"Pass in an OpenPGPCertificate instead.", replaceWith = ReplaceWith("certifyUserId"))
fun userIdOnCertificate(userId: String, certificate: PGPPublicKeyRing): CertificationOnUserId =
userIdOnCertificate(userId, certificate, CertificationType.GENERIC)
@ -88,7 +89,7 @@ class CertifyCertificate(private val api: PGPainless) {
* @param userId userid to revoke
* @param certificate certificate carrying the userid
*/
fun revokeUserIdOnCertificate(userId: CharSequence, certificate: OpenPGPCertificate) =
fun revokeCertifiedUserId(userId: CharSequence, certificate: OpenPGPCertificate) =
RevocationOnUserId(userId, certificate, api)
/**
@ -100,7 +101,7 @@ class CertifyCertificate(private val api: PGPainless) {
* @return API
*/
@JvmOverloads
fun certificate(certificate: OpenPGPCertificate, trustworthiness: Trustworthiness? = null) =
fun delegateTrust(certificate: OpenPGPCertificate, trustworthiness: Trustworthiness? = null) =
DelegationOnCertificate(certificate, trustworthiness, api)
/**
@ -133,7 +134,7 @@ class CertifyCertificate(private val api: PGPainless) {
*
* @param certificate certificate to revoke the delegation to
*/
fun revokeCertificate(certificate: OpenPGPCertificate): RevocationOnCertificate =
fun revokeDelegatedTrust(certificate: OpenPGPCertificate): RevocationOnCertificate =
RevocationOnCertificate(certificate, api)
class CertificationOnUserId(

8
pgpainless-core/src/test/java/org/pgpainless/key/certification/CertifyCertificateTest.java
View file

@ -47,7 +47,7 @@ public class CertifyCertificateTest {
OpenPGPCertificate bobCertificate = bob.toCertificate();
CertifyCertificate.CertificationResult result = api.generateCertification()
.userIdOnCertificate(bobUserId, bobCertificate)
.certifyUserId(bobUserId, bobCertificate)
.withKey(alice, protector)
.build();
@ -82,7 +82,7 @@ public class CertifyCertificateTest {
OpenPGPCertificate bobCertificate = bob.toCertificate();
CertifyCertificate.CertificationResult result = api.generateCertification()
.certificate(bobCertificate, Trustworthiness.fullyTrusted().introducer())
.delegateTrust(bobCertificate, Trustworthiness.fullyTrusted().introducer())
.withKey(alice, protector)
.build();
@ -125,7 +125,7 @@ public class CertifyCertificateTest {
String petName = "Bobby";
CertifyCertificate.CertificationResult result = api.generateCertification()
.userIdOnCertificate(petName, bobCert)
.certifyUserId(petName, bobCert)
.withKey(aliceKey, SecretKeyRingProtector.unprotectedKeys())
.buildWithSubpackets(new CertificationSubpackets.Callback() {
@Override
@ -155,7 +155,7 @@ public class CertifyCertificateTest {
OpenPGPCertificate caCert = caKey.toCertificate();
CertifyCertificate.CertificationResult result = api.generateCertification()
.certificate(caCert, Trustworthiness.fullyTrusted().introducer())
.delegateTrust(caCert, Trustworthiness.fullyTrusted().introducer())
.withKey(aliceKey, SecretKeyRingProtector.unprotectedKeys())
.buildWithSubpackets(new CertificationSubpackets.Callback() {
@Override

40
pgpainless-core/src/test/java/org/pgpainless/key/certification/CertifyV6CertificateTest.java
View file

@ -5,6 +5,7 @@
package org.pgpainless.key.certification;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSignatureException;
import org.bouncycastle.openpgp.api.OpenPGPCertificate;
import org.bouncycastle.openpgp.api.OpenPGPKey;
import org.junit.jupiter.api.Test;
@ -19,7 +20,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
public class CertifyV6CertificateTest {
@Test
public void testCertifyV6CertWithV6Key() throws PGPException {
public void testCertifyV6UIDWithV6Key() throws PGPException {
PGPainless api = PGPainless.getInstance();
OpenPGPKey aliceKey = api.generateKey(OpenPGPKeyVersion.v6)
@ -31,7 +32,7 @@ public class CertifyV6CertificateTest {
// Create a certification on Bobs certificate
OpenPGPCertificate bobCertified = api.generateCertification()
.userIdOnCertificate("Bob <bob@pgpainless.org>", bobCert)
.certifyUserId("Bob <bob@pgpainless.org>", bobCert)
.withKey(aliceKey, SecretKeyRingProtector.unprotectedKeys())
.build().getCertifiedCertificate();
@ -43,7 +44,6 @@ public class CertifyV6CertificateTest {
assertTrue(signatureChain.isValid());
// Revoke Alice' key and...
OpenPGPKey aliceRevoked = api.modify(aliceKey)
.revoke(SecretKeyRingProtector.unprotectedKeys())
@ -64,7 +64,7 @@ public class CertifyV6CertificateTest {
// Instead, revoke the certification itself and...
bobCertified = api.generateCertification()
.revokeUserIdOnCertificate("Bob <bob@pgpainless.org>", bobCertified)
.revokeCertifiedUserId("Bob <bob@pgpainless.org>", bobCertified)
.withKey(aliceKey, SecretKeyRingProtector.unprotectedKeys())
.build().getCertifiedCertificate();
@ -75,4 +75,36 @@ public class CertifyV6CertificateTest {
assertNotNull(brokenChain);
assertTrue(brokenChain.isValid());
}
@Test
public void testCertifyV6CertificateWithV6Key() throws PGPSignatureException {
PGPainless api = PGPainless.getInstance();
OpenPGPKey aliceKey = api.generateKey(OpenPGPKeyVersion.v6)
.modernKeyRing("Alice <alice@pgpainless.org>");
OpenPGPKey bobKey = api.generateKey(OpenPGPKeyVersion.v6)
.modernKeyRing("Bob <bob@pgpainless.org>");
OpenPGPCertificate bobCert = bobKey.toCertificate();
// Alice delegates trust to Bob
OpenPGPCertificate bobDelegated = api.generateCertification()
.delegateTrust(bobCert)
.withKey(aliceKey, SecretKeyRingProtector.unprotectedKeys())
.build().getCertifiedCertificate();
// Check that Bob is actually delegated to by Alice
OpenPGPCertificate.OpenPGPSignatureChain delegation = bobDelegated.getDelegationBy(aliceKey.toCertificate());
assertNotNull(delegation);
assertTrue(delegation.isValid());
// Alice revokes the delegation
OpenPGPCertificate bobRevoked = api.generateCertification()
.revokeDelegatedTrust(bobDelegated)
.withKey(aliceKey, SecretKeyRingProtector.unprotectedKeys())
.build().getCertifiedCertificate();
OpenPGPCertificate.OpenPGPSignatureChain revocation = bobRevoked.getRevocationBy(aliceKey.toCertificate());
assertNotNull(revocation);
assertTrue(revocation.isValid());
}
}

2
pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithoutPrimaryKeyFlagsTest.java
View file

@ -61,7 +61,7 @@ public class GenerateKeyWithoutPrimaryKeyFlagsTest {
// Key without CERTIFY_OTHER flag cannot be used to certify other keys
OpenPGPCertificate thirdPartyCert = TestKeys.getCryptieCertificate();
assertThrows(KeyException.UnacceptableThirdPartyCertificationKeyException.class, () ->
api.generateCertification().certificate(thirdPartyCert)
api.generateCertification().delegateTrust(thirdPartyCert)
.withKey(key, SecretKeyRingProtector.unprotectedKeys()));
// Key without CERTIFY_OTHER flags is usable for encryption and signing