Merge branch 'certification'

pgpainless-core/src/test/java/org/pgpainless/algorithm/TrustworthinessTest.java

@@ -0,0 +1,87 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.algorithm;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.api.Test;
+
+public class TrustworthinessTest {
+
+    @Test
+    public void fullyTrustedIntroducer() {
+        Trustworthiness it = Trustworthiness.fullyTrusted().introducer();
+        assertTrue(it.isFullyTrusted());
+        assertFalse(it.isNotTrusted());
+
+        assertTrue(it.isIntroducer());
+        assertFalse(it.canIntroduce(it));
+    }
+
+    @Test
+    public void marginallyTrustedIntroducer() {
+        Trustworthiness it = Trustworthiness.marginallyTrusted().introducer();
+        assertFalse(it.isFullyTrusted());
+        assertTrue(it.isMarginallyTrusted());
+        assertFalse(it.isNotTrusted());
+
+        assertTrue(it.isIntroducer());
+        assertFalse(it.canIntroduce(2));
+    }
+
+    @Test
+    public void nonTrustedIntroducer() {
+        Trustworthiness it = Trustworthiness.untrusted().introducer();
+        assertTrue(it.isNotTrusted());
+        assertFalse(it.isMarginallyTrusted());
+        assertFalse(it.isFullyTrusted());
+
+        assertTrue(it.isIntroducer());
+    }
+
+    @Test
+    public void trustedMetaIntroducer() {
+        Trustworthiness it = Trustworthiness.fullyTrusted().metaIntroducer();
+        assertTrue(it.isFullyTrusted());
+        assertTrue(it.isIntroducer());
+
+        Trustworthiness that = Trustworthiness.fullyTrusted().introducer();
+        assertTrue(it.canIntroduce(that));
+        assertFalse(that.canIntroduce(it));
+    }
+
+    @Test
+    public void invalidArguments() {
+        assertThrows(IllegalArgumentException.class, () -> new Trustworthiness(300, 1));
+        assertThrows(IllegalArgumentException.class, () -> new Trustworthiness(60, 300));
+        assertThrows(IllegalArgumentException.class, () -> new Trustworthiness(-4, 1));
+        assertThrows(IllegalArgumentException.class, () -> new Trustworthiness(120, -1));
+    }
+
+    @Test
+    public void inBetweenValues() {
+        Trustworthiness it = new Trustworthiness(30, 1);
+        assertTrue(it.isMarginallyTrusted());
+        assertFalse(it.isFullyTrusted());
+
+        it = new Trustworthiness(140, 1);
+        assertTrue(it.isFullyTrusted());
+    }
+
+    @Test
+    public void depthHierarchyTest() {
+        Trustworthiness l1 = Trustworthiness.fullyTrusted().metaIntroducerOfDepth(1);
+        Trustworthiness l2 = Trustworthiness.fullyTrusted().metaIntroducerOfDepth(2);
+        Trustworthiness l3 = Trustworthiness.fullyTrusted().metaIntroducerOfDepth(3);
+
+        assertTrue(l3.canIntroduce(l2));
+        assertTrue(l3.canIntroduce(l1));
+        assertTrue(l2.canIntroduce(l1));
+        assertFalse(l1.canIntroduce(l2));
+        assertFalse(l1.canIntroduce(l3));
+    }
+}

pgpainless-core/src/test/java/org/pgpainless/key/certification/CertifyCertificateTest.java

@@ -0,0 +1,108 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.key.certification;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.util.List;
+
+import org.bouncycastle.bcpg.sig.TrustSignature;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPPublicKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.bouncycastle.openpgp.PGPSignature;
+import org.bouncycastle.util.Arrays;
+import org.junit.jupiter.api.Test;
+import org.pgpainless.PGPainless;
+import org.pgpainless.algorithm.SignatureType;
+import org.pgpainless.algorithm.Trustworthiness;
+import org.pgpainless.key.protection.SecretKeyRingProtector;
+import org.pgpainless.signature.consumer.SignatureVerifier;
+import org.pgpainless.util.CollectionUtils;
+import org.pgpainless.util.DateUtil;
+
+public class CertifyCertificateTest {
+
+    @Test
+    public void testUserIdCertification() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
+        SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
+        PGPSecretKeyRing alice = PGPainless.generateKeyRing().modernKeyRing("Alice <alice@pgpainless.org>");
+        String bobUserId = "Bob <bob@pgpainless.org>";
+        PGPSecretKeyRing bob = PGPainless.generateKeyRing().modernKeyRing(bobUserId);
+
+        PGPPublicKeyRing bobCertificate = PGPainless.extractCertificate(bob);
+
+        CertifyCertificate.CertificationResult result = PGPainless.certify()
+                .userIdOnCertificate(bobUserId, bobCertificate)
+                .withKey(alice, protector)
+                .build();
+
+        assertNotNull(result);
+        PGPSignature signature = result.getCertification();
+        assertNotNull(signature);
+        assertEquals(SignatureType.GENERIC_CERTIFICATION, SignatureType.valueOf(signature.getSignatureType()));
+        assertEquals(alice.getPublicKey().getKeyID(), signature.getKeyID());
+
+        assertTrue(SignatureVerifier.verifyUserIdCertification(
+                bobUserId, signature, alice.getPublicKey(), bob.getPublicKey(), PGPainless.getPolicy(), DateUtil.now()));
+
+        PGPPublicKeyRing bobCertified = result.getCertifiedCertificate();
+        PGPPublicKey bobCertifiedKey = bobCertified.getPublicKey();
+        // There are 2 sigs now, bobs own and alice'
+        assertEquals(2, CollectionUtils.iteratorToList(bobCertifiedKey.getSignaturesForID(bobUserId)).size());
+        List<PGPSignature> sigsByAlice = CollectionUtils.iteratorToList(
+                bobCertifiedKey.getSignaturesForKeyID(alice.getPublicKey().getKeyID()));
+        assertEquals(1, sigsByAlice.size());
+        assertEquals(signature, sigsByAlice.get(0));
+
+        assertFalse(Arrays.areEqual(bobCertificate.getEncoded(), bobCertified.getEncoded()));
+    }
+
+    @Test
+    public void testKeyDelegation() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
+        SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
+        PGPSecretKeyRing alice = PGPainless.generateKeyRing().modernKeyRing("Alice <alice@pgpainless.org>");
+        PGPSecretKeyRing bob = PGPainless.generateKeyRing().modernKeyRing("Bob <bob@pgpainless.org>");
+
+        PGPPublicKeyRing bobCertificate = PGPainless.extractCertificate(bob);
+
+        CertifyCertificate.CertificationResult result = PGPainless.certify()
+                .certificate(bobCertificate, Trustworthiness.fullyTrusted().introducer())
+                .withKey(alice, protector)
+                .build();
+
+        assertNotNull(result);
+        PGPSignature signature = result.getCertification();
+        assertNotNull(signature);
+        assertEquals(SignatureType.DIRECT_KEY, SignatureType.valueOf(signature.getSignatureType()));
+        assertEquals(alice.getPublicKey().getKeyID(), signature.getKeyID());
+        TrustSignature trustSignaturePacket = signature.getHashedSubPackets().getTrust();
+        assertNotNull(trustSignaturePacket);
+        Trustworthiness trustworthiness = new Trustworthiness(trustSignaturePacket.getTrustAmount(), trustSignaturePacket.getDepth());
+        assertTrue(trustworthiness.isFullyTrusted());
+        assertTrue(trustworthiness.isIntroducer());
+        assertFalse(trustworthiness.canIntroduce(1));
+
+        assertTrue(SignatureVerifier.verifyDirectKeySignature(
+                signature, alice.getPublicKey(), bob.getPublicKey(), PGPainless.getPolicy(), DateUtil.now()));
+
+        PGPPublicKeyRing bobCertified = result.getCertifiedCertificate();
+        PGPPublicKey bobCertifiedKey = bobCertified.getPublicKey();
+
+        List<PGPSignature> sigsByAlice = CollectionUtils.iteratorToList(
+                bobCertifiedKey.getSignaturesForKeyID(alice.getPublicKey().getKeyID()));
+        assertEquals(1, sigsByAlice.size());
+        assertEquals(signature, sigsByAlice.get(0));
+
+        assertFalse(Arrays.areEqual(bobCertificate.getEncoded(), bobCertified.getEncoded()));
+    }
+}

pgpainless-core/src/test/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilderTest.java

@@ -29,14 +29,14 @@ import org.pgpainless.key.util.KeyRingUtils;
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
 import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
 
-public class DirectKeySignatureBuilderTest {
+public class ThirdPartyDirectKeySignatureBuilderTest {
 
     @Test
     public void testDirectKeySignatureBuilding() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
         PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
                 .modernKeyRing("Alice");
 
-        DirectKeySignatureBuilder dsb = new DirectKeySignatureBuilder(
+        DirectKeySelfSignatureBuilder dsb = new DirectKeySelfSignatureBuilder(
                 secretKeys.getSecretKey(),
                 SecretKeyRingProtector.unprotectedKeys());