Remove usage of OpenPgpKeyAttributeUtil

2025-09-09 10:19:39 +02:00 · 2025-05-08 14:56:35 +02:00 · 2025-05-08 14:56:35 +02:00 · aaf88b8d3e
commit aaf88b8d3e
parent 702db4d75c
5 changed files with 5 additions and 188 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/key/package-info.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/package-info.java
@ -1,8 +0,0 @@
 // SPDX-FileCopyrightText: 2018 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 /**
 * Classes related to OpenPGP keys.
 */
 package org.pgpainless.key;
--- a/pgpainless-core/src/main/java/org/pgpainless/key/util/OpenPgpKeyAttributeUtil.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/util/OpenPgpKeyAttributeUtil.java
@ -1,113 +0,0 @@
 // SPDX-FileCopyrightText: 2020 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 package org.pgpainless.key.util;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.SignatureType;
 public final class OpenPgpKeyAttributeUtil {
    private OpenPgpKeyAttributeUtil() {
    }
    public static List<HashAlgorithm> getPreferredHashAlgorithms(PGPPublicKey publicKey) {
        List<HashAlgorithm> hashAlgorithms = new ArrayList<>();
        Iterator<?> keySignatures = publicKey.getSignatures();
        while (keySignatures.hasNext()) {
            PGPSignature signature = (PGPSignature) keySignatures.next();
            if (signature.getKeyID() != publicKey.getKeyID()) {
                // Signature from a foreign key. Skip.
                continue;
            }
            SignatureType signatureType = SignatureType.fromCode(signature.getSignatureType());
            if (signatureType == null) {
                // unknown signature type
                continue;
            }
            if (signatureType == SignatureType.POSITIVE_CERTIFICATION
                    || signatureType == SignatureType.GENERIC_CERTIFICATION) {
                int[] hashAlgos = signature.getHashedSubPackets().getPreferredHashAlgorithms();
                if (hashAlgos == null) {
                    continue;
                }
                for (int h : hashAlgos) {
                    HashAlgorithm algorithm = HashAlgorithm.fromId(h);
                    if (algorithm != null) {
                        hashAlgorithms.add(algorithm);
                    }
                }
                // Exit the loop after the first key signature with hash algorithms.
                break;
            }
        }
        return hashAlgorithms;
    }
    /**
     * Return the hash algorithm that was used in the latest self signature.
     *
     * @param publicKey public key
     * @return list of hash algorithm
     */
    public static List<HashAlgorithm> guessPreferredHashAlgorithms(PGPPublicKey publicKey) {
        HashAlgorithm hashAlgorithm = null;
        Date lastCreationDate = null;
        Iterator<?> keySignatures = publicKey.getSignatures();
        while (keySignatures.hasNext()) {
            PGPSignature signature = (PGPSignature) keySignatures.next();
            if (signature.getKeyID() != publicKey.getKeyID()) {
                continue;
            }
            SignatureType signatureType = SignatureType.fromCode(signature.getSignatureType());
            if (signatureType == null || signatureType != SignatureType.POSITIVE_CERTIFICATION
                    && signatureType != SignatureType.GENERIC_CERTIFICATION) {
                continue;
            }
            Date creationDate = signature.getCreationTime();
            if (lastCreationDate == null || lastCreationDate.before(creationDate)) {
                lastCreationDate = creationDate;
                hashAlgorithm = HashAlgorithm.fromId(signature.getHashAlgorithm());
            }
        }
        if (hashAlgorithm == null) {
            return Collections.emptyList();
        }
        return Collections.singletonList(hashAlgorithm);
    }
    /**
     * Try to extract hash algorithm preferences from self signatures.
     * If no self-signature containing hash algorithm preferences is found,
     * try to derive a hash algorithm preference by inspecting the hash algorithm used by existing
     * self-signatures.
     *
     * @param publicKey key
     * @return hash algorithm preferences (might be empty!)
     */
    public static Set<HashAlgorithm> getOrGuessPreferredHashAlgorithms(PGPPublicKey publicKey) {
        List<HashAlgorithm> preferredHashAlgorithms = OpenPgpKeyAttributeUtil.getPreferredHashAlgorithms(publicKey);
        if (preferredHashAlgorithms.isEmpty()) {
            preferredHashAlgorithms = OpenPgpKeyAttributeUtil.guessPreferredHashAlgorithms(publicKey);
        }
        return new LinkedHashSet<>(preferredHashAlgorithms);
    }
 }
--- a/pgpainless-core/src/main/java/org/pgpainless/key/util/package-info.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/util/package-info.java
@ -1,8 +0,0 @@
 // SPDX-FileCopyrightText: 2020 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 /**
 * Utility functions to deal with OpenPGP keys.
 */
 package org.pgpainless.key.util;
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
@ -6,7 +6,6 @@ package org.pgpainless.signature.builder
 import java.util.function.Predicate
 import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSignature
 import org.bouncycastle.openpgp.PGPSignatureGenerator
 import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
@ -14,10 +13,9 @@ import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.pgpainless.PGPainless
 import org.pgpainless.algorithm.HashAlgorithm
 import org.pgpainless.algorithm.SignatureType
-import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator
+import org.pgpainless.bouncycastle.extensions.toHashAlgorithms
 import org.pgpainless.key.protection.SecretKeyRingProtector
 import org.pgpainless.key.protection.UnlockSecretKey
 import org.pgpainless.key.util.OpenPgpKeyAttributeUtil
 import org.pgpainless.signature.subpackets.SignatureSubpackets
 import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper
@ -127,20 +125,11 @@ abstract class AbstractSignatureBuilder<B : AbstractSignatureBuilder<B>>(
    companion object {
        /**
         * Negotiate a [HashAlgorithm] to be used when creating the signature.
         *
         * @param publicKey signing public key
         * @return hash algorithm
         */
        @JvmStatic
        fun negotiateHashAlgorithm(publicKey: PGPPublicKey, api: PGPainless): HashAlgorithm =
            HashAlgorithmNegotiator.negotiateSignatureHashAlgorithm(api.algorithmPolicy)
                .negotiateHashAlgorithm(
                    OpenPgpKeyAttributeUtil.getOrGuessPreferredHashAlgorithms(publicKey))
        @JvmStatic
        fun negotiateHashAlgorithm(key: OpenPGPComponentKey, api: PGPainless): HashAlgorithm =
-            negotiateHashAlgorithm(key.pgpPublicKey, api)
+            key.hashAlgorithmPreferences?.toHashAlgorithms()?.first {
                api.algorithmPolicy.dataSignatureHashAlgorithmPolicy.isAcceptable(it)
            }
                ?: api.algorithmPolicy.dataSignatureHashAlgorithmPolicy.defaultHashAlgorithm
    }
 }
--- a/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java
@ -1,43 +0,0 @@
 // SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 package org.pgpainless.util;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import java.util.Collections;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.AlgorithmSuite;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.KeyFlag;
 import org.pgpainless.algorithm.OpenPGPKeyVersion;
 import org.pgpainless.key.generation.KeySpec;
 import org.pgpainless.key.generation.type.KeyType;
 import org.pgpainless.key.generation.type.eddsa_legacy.EdDSALegacyCurve;
 import org.pgpainless.key.util.OpenPgpKeyAttributeUtil;
 public class GuessPreferredHashAlgorithmTest {
    @Test
    public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() {
        PGPainless api = PGPainless.getInstance();
        PGPSecretKeyRing secretKeys = api.buildKey(OpenPGPKeyVersion.v4)
                .withPreferences(AlgorithmSuite.emptyBuilder().build())
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519),
                                KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
                .addUserId("test@test.test")
                .build()
                .getPGPSecretKeyRing();
        PGPPublicKey publicKey = secretKeys.getPublicKey();
        assertEquals(Collections.emptyList(),
                OpenPgpKeyAttributeUtil.getPreferredHashAlgorithms(publicKey));
        assertEquals(Collections.singletonList(HashAlgorithm.SHA512),
                OpenPgpKeyAttributeUtil.guessPreferredHashAlgorithms(publicKey));
    }
 }