Allow passing creation time into KeyRingTemplates, replace deprecated methods

2025-09-09 18:29:39 +02:00 · 2025-03-17 16:12:10 +01:00 · 2025-03-17 16:12:10 +01:00 · 9c591ef6d1
commit 9c591ef6d1
parent 4f7aea6019
4 changed files with 54 additions and 36 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt
@ -48,8 +48,9 @@ class PGPainless(
    @JvmOverloads
    fun generateKey(
        version: OpenPGPKeyVersion = OpenPGPKeyVersion.v4,
-        creationTime: Date = Date()
-    ): KeyRingTemplates = KeyRingTemplates(version, creationTime)
+        creationTime: Date = Date(),
+        policy: Policy = algorithmPolicy
+    ): KeyRingTemplates = KeyRingTemplates(version, creationTime, policy)

    @JvmOverloads
    fun buildKey(
@ -98,8 +99,10 @@ class PGPainless(
         */
        @JvmStatic
        @JvmOverloads
-        fun buildKeyRing(version: OpenPGPKeyVersion = OpenPGPKeyVersion.v4) =
-            KeyRingBuilder(version, getInstance().implementation)
+        fun buildKeyRing(
+            version: OpenPGPKeyVersion = OpenPGPKeyVersion.v4,
+            policy: Policy = getInstance().algorithmPolicy
+        ) = KeyRingBuilder(version, getInstance().implementation, policy)

        /**
         * Read an existing OpenPGP key ring.
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
@ -27,7 +27,8 @@ import org.pgpainless.util.Passphrase

 class KeyRingBuilder(
    private val version: OpenPGPKeyVersion,
-    private val implementation: OpenPGPImplementation
+    private val implementation: OpenPGPImplementation,
+    private val policy: Policy = PGPainless.getInstance().algorithmPolicy
 ) : KeyRingBuilderInterface<KeyRingBuilder> {

    private var primaryKeySpec: KeySpec? = null
@ -37,13 +38,13 @@ class KeyRingBuilder(
    private var expirationDate: Date? = Date(System.currentTimeMillis() + (5 * MILLIS_IN_YEAR))

    override fun setPrimaryKey(keySpec: KeySpec): KeyRingBuilder = apply {
-        verifyKeySpecCompliesToPolicy(keySpec, PGPainless.getPolicy())
+        verifyKeySpecCompliesToPolicy(keySpec, policy)
        verifyPrimaryKeyCanCertify(keySpec)
        this.primaryKeySpec = keySpec
    }

    override fun addSubkey(keySpec: KeySpec): KeyRingBuilder = apply {
-        verifyKeySpecCompliesToPolicy(keySpec, PGPainless.getPolicy())
+        verifyKeySpecCompliesToPolicy(keySpec, policy)
        subKeySpecs.add(keySpec)
    }

@ -83,11 +84,11 @@ class KeyRingBuilder(
    private fun keyIsCertificationCapable(keySpec: KeySpec) = keySpec.keyType.canCertify

    override fun build(): OpenPGPKey {
-        val checksumCalculator = OpenPGPImplementation.getInstance().checksumCalculator()
+        val checksumCalculator = implementation.checksumCalculator()

        // generate primary key
        requireNotNull(primaryKeySpec) { "Primary Key spec required." }
-        val certKey = generateKeyPair(primaryKeySpec!!, version)
+        val certKey = generateKeyPair(primaryKeySpec!!, version, implementation)

        val secretKeyEncryptor = buildSecretKeyEncryptor(certKey.publicKey)
        val secretKeyDecryptor = buildSecretKeyDecryptor()
@ -168,7 +169,7 @@ class KeyRingBuilder(

    private fun addSubKeys(primaryKey: PGPKeyPair, ringGenerator: PGPKeyRingGenerator) {
        for (subKeySpec in subKeySpecs) {
-            val subKey = generateKeyPair(subKeySpec, version)
+            val subKey = generateKeyPair(subKeySpec, version, implementation)
            if (subKeySpec.isInheritedSubPackets) {
                ringGenerator.addSubKey(subKey)
            } else {
@ -209,20 +210,19 @@ class KeyRingBuilder(
    }

    private fun buildContentSigner(certKey: PGPKeyPair): PGPContentSignerBuilder {
-        val hashAlgorithm =
-            PGPainless.getPolicy().certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm
-        return OpenPGPImplementation.getInstance()
-            .pgpContentSignerBuilder(certKey.publicKey.algorithm, hashAlgorithm.algorithmId)
+        val hashAlgorithm = policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm
+        return implementation.pgpContentSignerBuilder(
+            certKey.publicKey.algorithm, hashAlgorithm.algorithmId)
    }

    private fun buildSecretKeyEncryptor(
        publicKey: PGPPublicKey,
    ): PBESecretKeyEncryptor? {
        check(passphrase.isValid) { "Passphrase was cleared." }
-        val protectionSettings = PGPainless.getPolicy().keyProtectionSettings
+        val protectionSettings = policy.keyProtectionSettings
        return if (passphrase.isEmpty) null
        else
-            OpenPGPImplementation.getInstance()
+            implementation
                .pbeSecretKeyEncryptorFactory(
                    protectionSettings.aead,
                    protectionSettings.encryptionAlgorithm.algorithmId,
@ -234,7 +234,7 @@ class KeyRingBuilder(
        check(passphrase.isValid) { "Passphrase was cleared." }
        return if (passphrase.isEmpty) null
        else
-            OpenPGPImplementation.getInstance()
+            implementation
                .pbeSecretKeyDecryptorBuilderProvider()
                .provide()
                .build(passphrase.getChars())
@ -248,12 +248,11 @@ class KeyRingBuilder(
        fun generateKeyPair(
            spec: KeySpec,
            version: OpenPGPKeyVersion,
+            implementation: OpenPGPImplementation = PGPainless.getInstance().implementation,
            creationTime: Date = spec.keyCreationDate ?: Date()
        ): PGPKeyPair {
            val gen =
-                OpenPGPImplementation.getInstance()
-                    .pgpKeyPairGeneratorProvider()
-                    .get(version.numeric, creationTime)
+                implementation.pgpKeyPairGeneratorProvider().get(version.numeric, creationTime)

            return spec.keyType.generateKeyPair(gen)
        }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingTemplates.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingTemplates.kt
@ -6,6 +6,7 @@ package org.pgpainless.key.generation

 import java.util.*
 import org.bouncycastle.openpgp.api.OpenPGPKey
+import org.pgpainless.PGPainless
 import org.pgpainless.PGPainless.Companion.buildKeyRing
 import org.pgpainless.algorithm.KeyFlag
 import org.pgpainless.algorithm.OpenPGPKeyVersion
@ -14,11 +15,13 @@ import org.pgpainless.key.generation.type.KeyType
 import org.pgpainless.key.generation.type.eddsa_legacy.EdDSALegacyCurve
 import org.pgpainless.key.generation.type.rsa.RsaLength
 import org.pgpainless.key.generation.type.xdh_legacy.XDHLegacySpec
+import org.pgpainless.policy.Policy
 import org.pgpainless.util.Passphrase

 class KeyRingTemplates(
    private val version: OpenPGPKeyVersion,
-    private val creationTime: Date = Date()
+    private val creationTime: Date = Date(),
+    private val policy: Policy = PGPainless.getInstance().algorithmPolicy
 ) {

    /**
@ -36,12 +39,17 @@ class KeyRingTemplates(
        length: RsaLength,
        passphrase: Passphrase = Passphrase.emptyPassphrase()
    ): OpenPGPKey =
-        buildKeyRing(version)
+        buildKeyRing(version, policy)
            .apply {
-                setPrimaryKey(getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER))
-                addSubkey(getBuilder(KeyType.RSA(length), KeyFlag.SIGN_DATA))
+                setPrimaryKey(
+                    getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER)
+                        .setKeyCreationDate(creationTime))
                addSubkey(
-                    getBuilder(KeyType.RSA(length), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE))
+                    getBuilder(KeyType.RSA(length), KeyFlag.SIGN_DATA)
+                        .setKeyCreationDate(creationTime))
+                addSubkey(
+                    getBuilder(KeyType.RSA(length), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
+                        .setKeyCreationDate(creationTime))
                setPassphrase(passphrase)
                if (userId != null) {
                    addUserId(userId)
@ -90,7 +98,8 @@ class KeyRingTemplates(
                            KeyType.RSA(length),
                            KeyFlag.CERTIFY_OTHER,
                            KeyFlag.SIGN_DATA,
-                        KeyFlag.ENCRYPT_COMMS))
+                            KeyFlag.ENCRYPT_COMMS)
+                        .setKeyCreationDate(creationTime))
                setPassphrase(passphrase)
                if (userId != null) {
                    addUserId(userId.toString())
@ -138,9 +147,12 @@ class KeyRingTemplates(
            else KeyType.XDH_LEGACY(XDHLegacySpec._X25519)
        return buildKeyRing(version)
            .apply {
-                setPrimaryKey(getBuilder(signingKeyType, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
+                setPrimaryKey(
+                    getBuilder(signingKeyType, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
+                        .setKeyCreationDate(creationTime))
                addSubkey(
-                    getBuilder(encryptionKeyType, KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
+                    getBuilder(encryptionKeyType, KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)
+                        .setKeyCreationDate(creationTime))
                setPassphrase(passphrase)
                if (userId != null) {
                    addUserId(userId.toString())
@ -188,10 +200,14 @@ class KeyRingTemplates(
            else KeyType.XDH_LEGACY(XDHLegacySpec._X25519)
        return buildKeyRing(version)
            .apply {
-                setPrimaryKey(getBuilder(signingKeyType, KeyFlag.CERTIFY_OTHER))
+                setPrimaryKey(
+                    getBuilder(signingKeyType, KeyFlag.CERTIFY_OTHER)
+                        .setKeyCreationDate(creationTime))
                addSubkey(
-                    getBuilder(encryptionKeyType, KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE))
-                addSubkey(getBuilder(signingKeyType, KeyFlag.SIGN_DATA))
+                    getBuilder(encryptionKeyType, KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
+                        .setKeyCreationDate(creationTime))
+                addSubkey(
+                    getBuilder(signingKeyType, KeyFlag.SIGN_DATA).setKeyCreationDate(creationTime))
                setPassphrase(passphrase)
                if (userId != null) {
                    addUserId(userId)
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
@ -266,8 +266,8 @@ class SecretKeyRingEditor(var key: OpenPGPKey, override val referenceTime: Date
        callback: SelfSignatureSubpackets.Callback?,
        protector: SecretKeyRingProtector
    ): SecretKeyRingEditorInterface {
-        val version = OpenPGPKeyVersion.from(secretKeyRing.getPublicKey().version)
-        val keyPair = KeyRingBuilder.generateKeyPair(keySpec, OpenPGPKeyVersion.v4, referenceTime)
+        val version = OpenPGPKeyVersion.from(secretKeyRing.publicKey.version)
+        val keyPair = KeyRingBuilder.generateKeyPair(keySpec, version)
        val subkeyProtector =
            PasswordBasedSecretKeyRingProtector.forKeyId(keyPair.keyIdentifier, subkeyPassphrase)
        val keyFlags = KeyFlag.fromBitmask(keySpec.subpackets.keyFlags).toMutableList()