PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-12 11:49:38 +02:00
Code Issues Releases Wiki Activity

Allow modification of keys with custom reference date

Browse source 
Also, bind subkeys using SubkeyBindingSignatureBuilder
This commit is contained in:
Paul Schaub 2022-09-03 12:19:34 +02:00
parent 3030de7f3f
commit c3dc3c9d87
10 changed files with 207 additions and 170 deletions
Download patch file Download diff file Expand all files Collapse all files

12
pgpainless-core/src/test/java/org/pgpainless/key/generation/KeyGenerationSubpacketsTest.java
View file

@ -16,6 +16,7 @@ import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import org.bouncycastle.bcpg.sig.IssuerFingerprint;
@ -40,7 +41,7 @@ public class KeyGenerationSubpacketsTest {
@Test
public void verifyDefaultSubpacketsForUserIdSignatures()
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("Alice");
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
@ -88,10 +89,9 @@ public class KeyGenerationSubpacketsTest {
assertEquals("Bob", info.getPrimaryUserId());
// wait one sec so that it is clear that the new certification for alice is the most recent one
Thread.sleep(1000);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
Date now = new Date();
Date t1 = new Date(now.getTime() + 1000 * 60 * 60);
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
.addUserId("Alice", new SelfSignatureSubpackets.Callback() {
@Override
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
@ -100,7 +100,7 @@ public class KeyGenerationSubpacketsTest {
}
}, SecretKeyRingProtector.unprotectedKeys())
.done();
info = PGPainless.inspectKeyRing(secretKeys);
info = PGPainless.inspectKeyRing(secretKeys, t1);
assertEquals("Alice", info.getPrimaryUserId());
assertEquals(Collections.singleton(HashAlgorithm.SHA1), info.getPreferredHashAlgorithms("Alice"));
}

33
pgpainless-core/src/test/java/org/pgpainless/key/modification/ChangeExpirationTest.java
View file

@ -34,7 +34,7 @@ public class ChangeExpirationTest {
@TestTemplate
@ExtendWith(TestAllImplementations.class)
public void setExpirationDateAndThenUnsetIt_OnPrimaryKey()
throws PGPException, IOException, InterruptedException {
throws PGPException, IOException {
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
KeyRingInfo sInfo = PGPainless.inspectKeyRing(secretKeys);
@ -42,6 +42,7 @@ public class ChangeExpirationTest {
assertNull(sInfo.getPrimaryKeyExpirationDate());
assertNull(sInfo.getSubkeyExpirationDate(subKeyFingerprint));
Date now = new Date();
Date date = DateUtil.parseUTCDate("2020-11-27 16:10:32 UTC");
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.setExpirationDate(date, new UnprotectedKeysProtector()).done();
@ -51,15 +52,11 @@ public class ChangeExpirationTest {
// subkey unchanged
assertNull(sInfo.getSubkeyExpirationDate(subKeyFingerprint));
// We need to wait for one second as OpenPGP signatures have coarse-grained (up to a second)
// accuracy. Creating two signatures within a short amount of time will make the second one
// "invisible"
Thread.sleep(1100);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
Date t1 = new Date(now.getTime() + 1000 * 60 * 60);
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
.setExpirationDate(null, new UnprotectedKeysProtector()).done();
sInfo = PGPainless.inspectKeyRing(secretKeys);
sInfo = PGPainless.inspectKeyRing(secretKeys, t1);
assertNull(sInfo.getPrimaryKeyExpirationDate());
assertNull(sInfo.getSubkeyExpirationDate(subKeyFingerprint));
}
@ -67,32 +64,30 @@ public class ChangeExpirationTest {
@TestTemplate
@ExtendWith(TestAllImplementations.class)
public void setExpirationDateAndThenUnsetIt_OnSubkey()
throws PGPException, IOException, InterruptedException {
throws PGPException, IOException {
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
KeyRingInfo sInfo = PGPainless.inspectKeyRing(secretKeys);
assertNull(sInfo.getPrimaryKeyExpirationDate());
Date now = new Date();
Calendar calendar = Calendar.getInstance();
calendar.setTime(new Date());
calendar.setTime(now);
calendar.add(Calendar.DATE, 5);
Date expiration = calendar.getTime();
Date expiration = calendar.getTime(); // in 5 days
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.setExpirationDate(expiration, new UnprotectedKeysProtector()).done();
sInfo = PGPainless.inspectKeyRing(secretKeys);
assertNotNull(sInfo.getPrimaryKeyExpirationDate());
JUtils.assertDateEquals(expiration, sInfo.getPrimaryKeyExpirationDate());
// We need to wait for one second as OpenPGP signatures have coarse-grained (up to a second)
// accuracy. Creating two signatures within a short amount of time will make the second one
// "invisible"
Thread.sleep(1100);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
Date t1 = new Date(now.getTime() + 1000 * 60 * 60);
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
.setExpirationDate(null, new UnprotectedKeysProtector()).done();
sInfo = PGPainless.inspectKeyRing(secretKeys);
sInfo = PGPainless.inspectKeyRing(secretKeys, t1);
assertNull(sInfo.getPrimaryKeyExpirationDate());
}
@ -118,7 +113,7 @@ public class ChangeExpirationTest {
.done();
Date actualExpiration = PGPainless.inspectKeyRing(secretKeys)
.getPrimaryKeyExpirationDate();
.getPrimaryKeyExpirationDate();
JUtils.assertDateEquals(notSoFarAwayExpiration, actualExpiration);
}
}

140
pgpainless-core/src/test/java/org/pgpainless/key/modification/ChangePrimaryUserIdAndExpirationDatesTest.java
View file

@ -4,15 +4,6 @@
package org.pgpainless.key.modification;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
@ -21,54 +12,68 @@ import org.pgpainless.PGPainless;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class ChangePrimaryUserIdAndExpirationDatesTest {
private static final long millisInHour = 1000 * 60 * 60;
@Test
public void generateA_primaryB_revokeA_cantSecondaryA()
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.modernKeyRing("A");
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
Date now = new Date();
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys, now);
assertFalse(info.isHardRevoked("A"));
assertFalse(info.isHardRevoked("B"));
assertIsPrimaryUserId("A", info);
assertIsNotValid("B", info);
assertIsNotPrimaryUserId("B", info);
Thread.sleep(1000);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
// One hour later
Date oneHourLater = new Date(now.getTime() + millisInHour);
secretKeys = PGPainless.modifyKeyRing(secretKeys, oneHourLater)
.addPrimaryUserId("B", protector)
.done();
info = PGPainless.inspectKeyRing(secretKeys);
info = PGPainless.inspectKeyRing(secretKeys, oneHourLater);
assertIsPrimaryUserId("B", info);
assertIsNotPrimaryUserId("A", info);
Thread.sleep(1000);
// Two hours later
Date twoHoursLater = new Date(now.getTime() + 2 * millisInHour);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
secretKeys = PGPainless.modifyKeyRing(secretKeys, twoHoursLater)
.revokeUserId("A", protector) // hard revoke A
.done();
info = PGPainless.inspectKeyRing(secretKeys);
info = PGPainless.inspectKeyRing(secretKeys, twoHoursLater);
assertTrue(info.isHardRevoked("A"));
assertFalse(info.isHardRevoked("B"));
assertIsPrimaryUserId("B", info);
assertIsNotValid("A", info);
Thread.sleep(1000);
// Three hours later
Date threeHoursLater = new Date(now.getTime() + 3 * millisInHour);
PGPSecretKeyRing finalSecretKeys = secretKeys;
assertThrows(IllegalArgumentException.class, () ->
PGPainless.modifyKeyRing(finalSecretKeys).addUserId("A", protector));
PGPainless.modifyKeyRing(finalSecretKeys, threeHoursLater).addUserId("A", protector));
}
@Test
public void generateA_primaryExpire_isExpired()
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.modernKeyRing("A");
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
@ -76,71 +81,77 @@ public class ChangePrimaryUserIdAndExpirationDatesTest {
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
assertIsPrimaryUserId("A", info);
Thread.sleep(1000);
Date now = new Date();
Date later = new Date(now.getTime() + millisInHour);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.setExpirationDate(new Date(), protector) // expire the whole key
secretKeys = PGPainless.modifyKeyRing(secretKeys, now)
.setExpirationDate(later, protector) // expire the whole key
.done();
Thread.sleep(1000);
Date evenLater = new Date(now.getTime() + 2 * millisInHour);
info = PGPainless.inspectKeyRing(secretKeys);
info = PGPainless.inspectKeyRing(secretKeys, evenLater);
assertFalse(info.isUserIdValid("A")); // is expired by now
}
@Test
public void generateA_primaryB_primaryExpire_bIsStillPrimary()
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.modernKeyRing("A");
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
Date now = new Date();
// Generate key with primary user-id A
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
assertIsPrimaryUserId("A", info);
Thread.sleep(1000);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
// later set primary user-id to B
Date t1 = new Date(now.getTime() + millisInHour);
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
.addPrimaryUserId("B", protector)
.done();
info = PGPainless.inspectKeyRing(secretKeys);
info = PGPainless.inspectKeyRing(secretKeys, t1);
assertIsPrimaryUserId("B", info);
assertIsNotPrimaryUserId("A", info);
Thread.sleep(1000);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.setExpirationDate(new Date(new Date().getTime() + 1000), protector) // expire the whole key in 1 sec
// Even later expire the whole key
Date t2 = new Date(now.getTime() + 2 * millisInHour);
Date expiration = new Date(now.getTime() + 10 * millisInHour);
secretKeys = PGPainless.modifyKeyRing(secretKeys, t2)
.setExpirationDate(expiration, protector) // expire the whole key in 1 hour
.done();
info = PGPainless.inspectKeyRing(secretKeys);
Date t3 = new Date(now.getTime() + 3 * millisInHour);
info = PGPainless.inspectKeyRing(secretKeys, t3);
assertIsValid("A", info);
assertIsValid("B", info);
assertIsPrimaryUserId("B", info);
assertIsNotPrimaryUserId("A", info);
Thread.sleep(2000);
info = PGPainless.inspectKeyRing(secretKeys);
info = PGPainless.inspectKeyRing(secretKeys, expiration);
assertIsPrimaryUserId("B", info); // B is still primary, even though
assertFalse(info.isUserIdValid("A")); // key is expired by now
assertFalse(info.isUserIdValid("B"));
}
@Test
public void generateA_expire_certify() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
public void generateA_expire_certify()
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("A");
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.setExpirationDate(new Date(new Date().getTime() + 1000), protector)
Date now = new Date();
Date t1 = new Date(now.getTime() + millisInHour);
secretKeys = PGPainless.modifyKeyRing(secretKeys, now)
.setExpirationDate(t1, protector)
.done();
Thread.sleep(2000);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.setExpirationDate(new Date(new Date().getTime() + 2000), protector)
Date t2 = new Date(now.getTime() + 2 * millisInHour);
Date t4 = new Date(now.getTime() + 4 * millisInHour);
secretKeys = PGPainless.modifyKeyRing(secretKeys, t2)
.setExpirationDate(t4, protector)
.done();
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
@ -150,49 +161,48 @@ public class ChangePrimaryUserIdAndExpirationDatesTest {
@Test
public void generateA_expire_primaryB_expire_isPrimaryB()
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("A");
SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
Thread.sleep(1000);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.setExpirationDate(new Date(), protector)
Date now = new Date();
Date t1 = new Date(now.getTime() + millisInHour);
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
.setExpirationDate(t1, protector)
.done();
Thread.sleep(2000);
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
Date t2 = new Date(now.getTime() + 2 * millisInHour);
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys, t2);
assertIsPrimaryUserId("A", info);
assertIsNotValid("A", info); // A is expired
secretKeys = PGPainless.modifyKeyRing(secretKeys)
secretKeys = PGPainless.modifyKeyRing(secretKeys, t2)
.addPrimaryUserId("B", protector)
.done();
info = PGPainless.inspectKeyRing(secretKeys);
Date t3 = new Date(now.getTime() + 3 * millisInHour);
info = PGPainless.inspectKeyRing(secretKeys, t3);
assertIsPrimaryUserId("B", info);
assertIsNotValid("B", info); // A and B are still expired
assertIsNotValid("A", info);
Thread.sleep(1000);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.setExpirationDate(new Date(new Date().getTime() + 10000), protector)
Date t4 = new Date(now.getTime() + 4 * millisInHour);
Date t5 = new Date(now.getTime() + 5 * millisInHour);
secretKeys = PGPainless.modifyKeyRing(secretKeys, t3)
.setExpirationDate(t5, protector)
.done();
Thread.sleep(1000);
info = PGPainless.inspectKeyRing(secretKeys);
info = PGPainless.inspectKeyRing(secretKeys, t4);
assertIsValid("B", info);
assertIsValid("A", info); // A got re-validated when changing exp date
assertIsPrimaryUserId("B", info);
secretKeys = PGPainless.modifyKeyRing(secretKeys)
secretKeys = PGPainless.modifyKeyRing(secretKeys, t4)
.addUserId("A", protector) // re-certify A as non-primary user-id
.done();
info = PGPainless.inspectKeyRing(secretKeys);
info = PGPainless.inspectKeyRing(secretKeys, t4);
assertIsValid("B", info);
assertIsValid("A", info);

18
pgpainless-core/src/test/java/org/pgpainless/key/modification/OldSignatureSubpacketsArePreservedOnNewSig.java → pgpainless-core/src/test/java/org/pgpainless/key/modification/OldSignatureSubpacketsArePreservedOnNewSigTest.java
View file

@ -10,7 +10,6 @@ import static org.junit.jupiter.api.Assertions.assertNotEquals;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.openpgp.PGPException;
@ -23,12 +22,14 @@ import org.pgpainless.PGPainless;
import org.pgpainless.key.protection.UnprotectedKeysProtector;
import org.pgpainless.util.TestAllImplementations;
public class OldSignatureSubpacketsArePreservedOnNewSig {
public class OldSignatureSubpacketsArePreservedOnNewSigTest {
private static final long millisInHour = 1000 * 60 * 60;
@TestTemplate
@ExtendWith(TestAllImplementations.class)
public void verifyOldSignatureSubpacketsArePreservedOnNewExpirationDateSig()
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, InterruptedException {
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.simpleEcKeyRing("Alice <alice@wonderland.lit>");
@ -37,17 +38,14 @@ public class OldSignatureSubpacketsArePreservedOnNewSig {
assertEquals(0, oldPackets.getKeyExpirationTime());
Thread.sleep(1000);
Date now = new Date();
Calendar calendar = Calendar.getInstance();
calendar.setTime(now);
calendar.add(Calendar.DATE, 5);
Date expiration = calendar.getTime(); // in 5 days
Date t1 = new Date(now.getTime() + millisInHour);
Date expiration = new Date(now.getTime() + 5 * 24 * millisInHour); // in 5 days
secretKeys = PGPainless.modifyKeyRing(secretKeys)
secretKeys = PGPainless.modifyKeyRing(secretKeys, t1)
.setExpirationDate(expiration, new UnprotectedKeysProtector())
.done();
PGPSignature newSignature = PGPainless.inspectKeyRing(secretKeys).getLatestUserIdCertification("Alice <alice@wonderland.lit>");
PGPSignature newSignature = PGPainless.inspectKeyRing(secretKeys, t1).getLatestUserIdCertification("Alice <alice@wonderland.lit>");
PGPSignatureSubpacketVector newPackets = newSignature.getHashedSubPackets();
assertNotEquals(0, newPackets.getKeyExpirationTime());

10
pgpainless-core/src/test/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilderTest.java
View file

@ -11,6 +11,7 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Date;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
@ -32,7 +33,7 @@ import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
public class ThirdPartyDirectKeySignatureBuilderTest {
@Test
public void testDirectKeySignatureBuilding() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InterruptedException {
public void testDirectKeySignatureBuilding() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.modernKeyRing("Alice");
@ -40,9 +41,12 @@ public class ThirdPartyDirectKeySignatureBuilderTest {
secretKeys.getSecretKey(),
SecretKeyRingProtector.unprotectedKeys());
Date now = new Date();
Date t1 = new Date(now.getTime() + 1000 * 60 * 60);
dsb.applyCallback(new SelfSignatureSubpackets.Callback() {
@Override
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
hashedSubpackets.setSignatureCreationTime(t1);
hashedSubpackets.setKeyFlags(KeyFlag.CERTIFY_OTHER);
hashedSubpackets.setPreferredHashAlgorithms(HashAlgorithm.SHA512);
hashedSubpackets.setPreferredCompressionAlgorithms(CompressionAlgorithm.ZIP);
@ -51,13 +55,11 @@ public class ThirdPartyDirectKeySignatureBuilderTest {
}
});
Thread.sleep(1000);
PGPSignature directKeySig = dsb.build(secretKeys.getPublicKey());
assertNotNull(directKeySig);
secretKeys = KeyRingUtils.injectCertification(secretKeys, secretKeys.getPublicKey(), directKeySig);
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys, t1);
PGPSignature signature = info.getLatestDirectKeySelfSignature();
assertNotNull(signature);