mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-09-09 18:29:39 +02:00
Improve KeyExceptions
This commit is contained in:
parent
3e8dd78e74
commit
c0b6ea8f96
GPG key ID:
62BEE9264BF17311
4 changed files with 99 additions and 48 deletions
|
|
@ -4,7 +4,9 @@
|
|||
|
||||
package org.pgpainless.exception;
|
||||
|
||||
import org.bouncycastle.bcpg.KeyIdentifier;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.api.OpenPGPCertificate;
|
||||
import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
||||
import org.pgpainless.key.OpenPgpFingerprint;
|
||||
import org.pgpainless.util.DateUtil;
|
||||
|
|
@ -33,6 +35,10 @@ public abstract class KeyException extends RuntimeException {
|
|||
|
||||
public static class ExpiredKeyException extends KeyException {
|
||||
|
||||
public ExpiredKeyException(@Nonnull OpenPGPCertificate cert, @Nonnull Date expirationDate) {
|
||||
this(OpenPgpFingerprint.of(cert), expirationDate);
|
||||
}
|
||||
|
||||
public ExpiredKeyException(@Nonnull OpenPgpFingerprint fingerprint, @Nonnull Date expirationDate) {
|
||||
super("Key " + fingerprint + " is expired. Expiration date: " + DateUtil.formatUTCDate(expirationDate), fingerprint);
|
||||
}
|
||||
|
|
@ -43,10 +49,29 @@ public abstract class KeyException extends RuntimeException {
|
|||
public RevokedKeyException(@Nonnull OpenPgpFingerprint fingerprint) {
|
||||
super("Key " + fingerprint + " appears to be revoked.", fingerprint);
|
||||
}
|
||||
|
||||
public RevokedKeyException(@Nonnull OpenPGPCertificate.OpenPGPComponentKey key) {
|
||||
super("Subkey " + key.getKeyIdentifier() + " appears to be revoked.",
|
||||
OpenPgpFingerprint.of(key));
|
||||
}
|
||||
|
||||
public RevokedKeyException(@Nonnull OpenPGPCertificate cert) {
|
||||
super("Key or certificate " + cert.getKeyIdentifier() + " appears to be revoked.",
|
||||
OpenPgpFingerprint.of(cert));
|
||||
}
|
||||
}
|
||||
|
||||
public static class UnacceptableEncryptionKeyException extends KeyException {
|
||||
|
||||
public UnacceptableEncryptionKeyException(@Nonnull OpenPGPCertificate cert) {
|
||||
this(OpenPgpFingerprint.of(cert));
|
||||
}
|
||||
|
||||
public UnacceptableEncryptionKeyException(@Nonnull OpenPGPCertificate.OpenPGPComponentKey subkey) {
|
||||
super("Subkey " + subkey.getKeyIdentifier() + " is not an acceptable encryption key.",
|
||||
OpenPgpFingerprint.of(subkey));
|
||||
}
|
||||
|
||||
public UnacceptableEncryptionKeyException(@Nonnull OpenPgpFingerprint fingerprint) {
|
||||
super("Key " + fingerprint + " has no acceptable encryption key.", fingerprint);
|
||||
}
|
||||
|
|
@ -58,6 +83,14 @@ public abstract class KeyException extends RuntimeException {
|
|||
|
||||
public static class UnacceptableSigningKeyException extends KeyException {
|
||||
|
||||
public UnacceptableSigningKeyException(OpenPGPCertificate certificate) {
|
||||
this(OpenPgpFingerprint.of(certificate));
|
||||
}
|
||||
|
||||
public UnacceptableSigningKeyException(OpenPGPCertificate.OpenPGPComponentKey subkey) {
|
||||
this(OpenPgpFingerprint.of(subkey));
|
||||
}
|
||||
|
||||
public UnacceptableSigningKeyException(@Nonnull OpenPgpFingerprint fingerprint) {
|
||||
super("Key " + fingerprint + " has no acceptable signing key.", fingerprint);
|
||||
}
|
||||
|
|
@ -76,6 +109,10 @@ public abstract class KeyException extends RuntimeException {
|
|||
|
||||
public static class UnacceptableSelfSignatureException extends KeyException {
|
||||
|
||||
public UnacceptableSelfSignatureException(@Nonnull OpenPGPCertificate cert) {
|
||||
this(OpenPgpFingerprint.of(cert));
|
||||
}
|
||||
|
||||
public UnacceptableSelfSignatureException(@Nonnull OpenPgpFingerprint fingerprint) {
|
||||
super("Key " + fingerprint + " does not have a valid/acceptable signature to derive an expiration date from.", fingerprint);
|
||||
}
|
||||
|
|
@ -83,29 +120,50 @@ public abstract class KeyException extends RuntimeException {
|
|||
|
||||
public static class MissingSecretKeyException extends KeyException {
|
||||
|
||||
private final long missingSecretKeyId;
|
||||
private final KeyIdentifier missingSecretKeyIdentifier;
|
||||
|
||||
public MissingSecretKeyException(@Nonnull OpenPgpFingerprint fingerprint, long keyId) {
|
||||
super("Key " + fingerprint + " does not contain a secret key for public key " + Long.toHexString(keyId), fingerprint);
|
||||
this.missingSecretKeyId = keyId;
|
||||
public MissingSecretKeyException(@Nonnull OpenPGPCertificate.OpenPGPComponentKey publicKey) {
|
||||
this(OpenPgpFingerprint.of(publicKey.getCertificate()), publicKey.getKeyIdentifier());
|
||||
}
|
||||
|
||||
public long getMissingSecretKeyId() {
|
||||
return missingSecretKeyId;
|
||||
public MissingSecretKeyException(@Nonnull OpenPgpFingerprint fingerprint, KeyIdentifier keyIdentifier) {
|
||||
super("Key " + fingerprint + " does not contain a secret key for public key " + keyIdentifier, fingerprint);
|
||||
this.missingSecretKeyIdentifier = keyIdentifier;
|
||||
}
|
||||
|
||||
@Deprecated
|
||||
public MissingSecretKeyException(@Nonnull OpenPgpFingerprint fingerprint, long keyId) {
|
||||
this(fingerprint, new KeyIdentifier(keyId));
|
||||
}
|
||||
|
||||
public KeyIdentifier getMissingSecretKeyIdentifier() {
|
||||
return missingSecretKeyIdentifier;
|
||||
}
|
||||
}
|
||||
|
||||
public static class PublicKeyAlgorithmPolicyException extends KeyException {
|
||||
|
||||
private final long violatingSubkeyId;
|
||||
private final KeyIdentifier violatingSubkeyId;
|
||||
|
||||
public PublicKeyAlgorithmPolicyException(@Nonnull OpenPgpFingerprint fingerprint, long keyId, @Nonnull PublicKeyAlgorithm algorithm, int bitSize) {
|
||||
super("Subkey " + Long.toHexString(keyId) + " of key " + fingerprint + " is violating the Public Key Algorithm Policy:\n" +
|
||||
algorithm + " of size " + bitSize + " is not acceptable.", fingerprint);
|
||||
this.violatingSubkeyId = keyId;
|
||||
public PublicKeyAlgorithmPolicyException(@Nonnull OpenPGPCertificate.OpenPGPComponentKey subkey,
|
||||
@Nonnull PublicKeyAlgorithm algorithm,
|
||||
int bitSize) {
|
||||
super("Subkey " + subkey.getKeyIdentifier() + " of key " + subkey.getCertificate().getKeyIdentifier() +
|
||||
" is violating the Public Key Algorithm Policy:\n" +
|
||||
algorithm + " of size " + bitSize + " is not acceptable.", OpenPgpFingerprint.of(subkey));
|
||||
this.violatingSubkeyId = subkey.getKeyIdentifier();
|
||||
}
|
||||
|
||||
public long getViolatingSubkeyId() {
|
||||
public PublicKeyAlgorithmPolicyException(@Nonnull OpenPgpFingerprint fingerprint,
|
||||
long keyId,
|
||||
@Nonnull PublicKeyAlgorithm algorithm,
|
||||
int bitSize) {
|
||||
super("Subkey " + Long.toHexString(keyId) + " of key " + fingerprint + " is violating the Public Key Algorithm Policy:\n" +
|
||||
algorithm + " of size " + bitSize + " is not acceptable.", fingerprint);
|
||||
this.violatingSubkeyId = new KeyIdentifier(keyId);
|
||||
}
|
||||
|
||||
public KeyIdentifier getViolatingSubkeyId() {
|
||||
return violatingSubkeyId;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ import org.pgpainless.bouncycastle.extensions.toOpenPGPCertificate
|
|||
import org.pgpainless.encryption_signing.EncryptionOptions.EncryptionKeySelector
|
||||
import org.pgpainless.exception.KeyException.*
|
||||
import org.pgpainless.implementation.ImplementationFactory
|
||||
import org.pgpainless.key.OpenPgpFingerprint
|
||||
import org.pgpainless.key.SubkeyIdentifier
|
||||
import org.pgpainless.key.info.KeyAccessor
|
||||
import org.pgpainless.key.info.KeyRingInfo
|
||||
|
|
@ -197,7 +196,7 @@ class EncryptionOptions(private val purpose: EncryptionPurpose) {
|
|||
encryptionKeySelector.selectEncryptionSubkeys(
|
||||
info.getEncryptionSubkeys(userId, purpose))
|
||||
if (subkeys.isEmpty()) {
|
||||
throw UnacceptableEncryptionKeyException(OpenPgpFingerprint.of(cert))
|
||||
throw UnacceptableEncryptionKeyException(cert)
|
||||
}
|
||||
|
||||
for (subkey in subkeys) {
|
||||
|
|
@ -295,13 +294,11 @@ class EncryptionOptions(private val purpose: EncryptionPurpose) {
|
|||
try {
|
||||
info.primaryKeyExpirationDate
|
||||
} catch (e: NoSuchElementException) {
|
||||
throw UnacceptableSelfSignatureException(
|
||||
OpenPgpFingerprint.of(cert))
|
||||
throw UnacceptableSelfSignatureException(cert)
|
||||
}
|
||||
|
||||
if (primaryKeyExpiration != null && primaryKeyExpiration < evaluationDate) {
|
||||
throw ExpiredKeyException(
|
||||
OpenPgpFingerprint.of(cert), primaryKeyExpiration)
|
||||
throw ExpiredKeyException(cert, primaryKeyExpiration)
|
||||
}
|
||||
|
||||
var encryptionSubkeys = selector.selectEncryptionSubkeys(info.getEncryptionSubkeys(purpose))
|
||||
|
|
@ -318,7 +315,7 @@ class EncryptionOptions(private val purpose: EncryptionPurpose) {
|
|||
}
|
||||
|
||||
if (encryptionSubkeys.isEmpty()) {
|
||||
throw UnacceptableEncryptionKeyException(OpenPgpFingerprint.of(cert))
|
||||
throw UnacceptableEncryptionKeyException(cert)
|
||||
}
|
||||
|
||||
for (subkey in encryptionSubkeys) {
|
||||
|
|
|
|||
|
|
@ -157,14 +157,13 @@ class SigningOptions {
|
|||
|
||||
val signingPubKeys = keyRingInfo.signingSubkeys
|
||||
if (signingPubKeys.isEmpty()) {
|
||||
throw UnacceptableSigningKeyException(of(signingKey))
|
||||
throw UnacceptableSigningKeyException(signingKey)
|
||||
}
|
||||
|
||||
for (signingPubKey in signingPubKeys) {
|
||||
val signingSecKey: OpenPGPSecretKey =
|
||||
signingKey.getSecretKey(signingPubKey)
|
||||
?: throw MissingSecretKeyException(
|
||||
of(signingKey), signingPubKey.keyIdentifier.keyId)
|
||||
?: throw MissingSecretKeyException(signingPubKey)
|
||||
val signingPrivKey: OpenPGPPrivateKey =
|
||||
unlockSecretKey(signingSecKey, signingKeyProtector)
|
||||
val hashAlgorithms =
|
||||
|
|
@ -220,12 +219,11 @@ class SigningOptions {
|
|||
val keyRingInfo = inspectKeyRing(openPGPKey, evaluationDate)
|
||||
val signingPubKeys = keyRingInfo.signingSubkeys
|
||||
if (signingPubKeys.isEmpty()) {
|
||||
throw UnacceptableSigningKeyException(of(openPGPKey))
|
||||
throw UnacceptableSigningKeyException(openPGPKey)
|
||||
}
|
||||
|
||||
if (!signingPubKeys.any { it.keyIdentifier.matches(signingKey.keyIdentifier) }) {
|
||||
throw MissingSecretKeyException(
|
||||
of(openPGPKey), signingKey.keyIdentifier.keyId)
|
||||
throw MissingSecretKeyException(signingKey)
|
||||
}
|
||||
|
||||
val signingPrivKey = unlockSecretKey(signingKey, signingKeyProtector)
|
||||
|
|
@ -258,13 +256,16 @@ class SigningOptions {
|
|||
keyId: Long,
|
||||
signatureType: DocumentSignatureType = DocumentSignatureType.BINARY_DOCUMENT,
|
||||
subpacketsCallback: Callback? = null
|
||||
) =
|
||||
addInlineSignature(
|
||||
): SigningOptions {
|
||||
val key = signingKey.toOpenPGPKey()
|
||||
val subkeyIdentifier = KeyIdentifier(keyId)
|
||||
return addInlineSignature(
|
||||
signingKeyProtector,
|
||||
signingKey.toOpenPGPKey().getSecretKey(KeyIdentifier(keyId))
|
||||
?: throw MissingSecretKeyException(of(signingKey), keyId),
|
||||
key.getSecretKey(subkeyIdentifier)
|
||||
?: throw MissingSecretKeyException(of(signingKey), subkeyIdentifier),
|
||||
signatureType,
|
||||
subpacketsCallback)
|
||||
}
|
||||
|
||||
/**
|
||||
* Add detached signatures with all key rings from the provided secret key ring collection.
|
||||
|
|
@ -332,14 +333,13 @@ class SigningOptions {
|
|||
|
||||
val signingPubKeys = keyRingInfo.signingSubkeys
|
||||
if (signingPubKeys.isEmpty()) {
|
||||
throw UnacceptableSigningKeyException(of(signingKey))
|
||||
throw UnacceptableSigningKeyException(signingKey)
|
||||
}
|
||||
|
||||
for (signingPubKey in signingPubKeys) {
|
||||
val signingSecKey: OpenPGPSecretKey =
|
||||
signingKey.getSecretKey(signingPubKey.keyIdentifier)
|
||||
?: throw MissingSecretKeyException(
|
||||
of(signingKey), signingPubKey.keyIdentifier.keyId)
|
||||
?: throw MissingSecretKeyException(signingPubKey)
|
||||
addDetachedSignature(
|
||||
signingKeyProtector, signingSecKey, userId, signatureType, subpacketCallback)
|
||||
}
|
||||
|
|
@ -421,14 +421,17 @@ class SigningOptions {
|
|||
keyId: Long,
|
||||
signatureType: DocumentSignatureType = DocumentSignatureType.BINARY_DOCUMENT,
|
||||
subpacketsCallback: Callback? = null
|
||||
) =
|
||||
addDetachedSignature(
|
||||
): SigningOptions {
|
||||
val key = signingKey.toOpenPGPKey()
|
||||
val signingKeyIdentifier = KeyIdentifier(keyId)
|
||||
return addDetachedSignature(
|
||||
signingKeyProtector,
|
||||
signingKey.toOpenPGPKey().getSecretKey(KeyIdentifier(keyId))
|
||||
?: throw MissingSecretKeyException(of(signingKey), keyId),
|
||||
key.getSecretKey(signingKeyIdentifier)
|
||||
?: throw MissingSecretKeyException(of(key), signingKeyIdentifier),
|
||||
null,
|
||||
signatureType,
|
||||
subpacketsCallback)
|
||||
}
|
||||
|
||||
private fun addSigningMethod(
|
||||
signingKey: OpenPGPPrivateKey,
|
||||
|
|
@ -443,10 +446,7 @@ class SigningOptions {
|
|||
if (!getPolicy().publicKeyAlgorithmPolicy.isAcceptable(publicKeyAlgorithm, bitStrength)) {
|
||||
throw UnacceptableSigningKeyException(
|
||||
PublicKeyAlgorithmPolicyException(
|
||||
of(signingKey),
|
||||
signingSecretKey.keyID,
|
||||
publicKeyAlgorithm,
|
||||
bitStrength))
|
||||
signingKey.secretKey, publicKeyAlgorithm, bitStrength))
|
||||
}
|
||||
|
||||
val generator: PGPSignatureGenerator =
|
||||
|
|
|
|||
|
|
@ -132,14 +132,10 @@ abstract class OpenPgpFingerprint : CharSequence, Comparable<OpenPgpFingerprint>
|
|||
*/
|
||||
@JvmStatic fun of(keys: PGPKeyRing): OpenPgpFingerprint = of(keys.publicKey)
|
||||
|
||||
/**
|
||||
* Return the [OpenPgpFingerprint] of the primary key of the given [OpenPGPCertificate].
|
||||
*/
|
||||
/** Return the [OpenPgpFingerprint] of the primary key of the given [OpenPGPCertificate]. */
|
||||
@JvmStatic fun of(cert: OpenPGPCertificate): OpenPgpFingerprint = of(cert.pgpPublicKeyRing)
|
||||
|
||||
/**
|
||||
* Return the [OpenPgpFingerprint] of the given [OpenPGPComponentKey].
|
||||
*/
|
||||
/** Return the [OpenPgpFingerprint] of the given [OpenPGPComponentKey]. */
|
||||
@JvmStatic fun of(key: OpenPGPComponentKey): OpenPgpFingerprint = of(key.pgpPublicKey)
|
||||
|
||||
@JvmStatic fun of(key: OpenPGPPrivateKey): OpenPgpFingerprint = of(key.secretKey)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue