From e7954ff6f19f3dc2fd41c1c2fc1f66349dfd3cd2 Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Wed, 19 Mar 2025 10:36:45 +0100
Subject: [PATCH] KeyRingUtils: Replace deprecated method usage

---
 .../org/pgpainless/key/util/KeyRingUtils.kt | 50 +++++++++++--------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/KeyRingUtils.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/KeyRingUtils.kt
index fd1baedf..2286da28 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/KeyRingUtils.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/KeyRingUtils.kt
@@ -52,13 +52,7 @@ class KeyRingUtils {
 */
 @JvmStatic
 fun getPrimarySecretKeyFrom(secretKeys: PGPSecretKeyRing): PGPSecretKey? {
- return secretKeys.secretKey.let {
- if (it.isMasterKey) {
- it
- } else {
- null
- }
- }
+ return if (secretKeys.secretKey.isMasterKey) secretKeys.secretKey else null
 }

 /**
@@ -82,13 +76,7 @@ class KeyRingUtils {
 */
 @JvmStatic
 fun getPrimaryPublicKey(keyRing: PGPKeyRing): PGPPublicKey? {
- return keyRing.publicKey.let {
- if (it.isMasterKey) {
- it
- } else {
- null
- }
- }
+ return if (keyRing.publicKey.isMasterKey) keyRing.publicKey else null
 }

 /**
@@ -245,7 +233,7 @@ class KeyRingUtils {
 certificate.publicKeys
 .asSequence()
 .map {
- if (it.keyID == certifiedKey.keyID) {
+ if (it.keyIdentifier == certifiedKey.keyIdentifier) {
 PGPPublicKey.addCertification(it, certification)
 } else {
 it
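Review bot: `getPrimarySecretKeyFrom` now reads `secretKeys.secretKey` twice, once for the check and once for the result, and `getPrimaryPublicKey` in the following hunk does the same with `keyRing.publicKey`. `return secretKeys.secretKey.takeIf { it.isMasterKey }` (and `return keyRing.publicKey.takeIf { it.isMasterKey }`) keeps the one-liner while evaluating the getter once. This is a point of style only; the result is the same as long as the getter returns the same object on both calls.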
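Review bot: Comparing `it.keyIdentifier == certifiedKey.keyIdentifier` inside `.map { … }` makes the match depend on how `KeyIdentifier` implements `equals`, which this patch does not show; the old `keyID` comparison was a plain `Long` equality. The same applies in the `stripSecretKey` hunk further down, to the `require(keyIdentifier != secretKeys.publicKey.keyIdentifier)` guard and the `forEach` comparison, where the deprecated overload builds its argument from a bare `Long` via `KeyIdentifier(keyId)` while the key's own identifier presumably also carries a fingerprint. If equality turns out to be fingerprint-strict, the primary-key guard would stop firing for callers of the `Long` overload. A regression test that calls `stripSecretKey(secretKeys, secretKeys.publicKey.keyID)` and expects `IllegalArgumentException` would pin this down, and Bouncy Castle's `KeyIdentifier.matches(...)` is worth considering if `==` is too strict. The function enclosing this hunk starts and ends outside it.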
@@ -415,18 +403,40 @@ class KeyRingUtils {
 * @throws PGPException in case of a broken key
 */
 @JvmStatic
- fun stripSecretKey(secretKeys: PGPSecretKeyRing, keyId: Long): PGPSecretKeyRing {
- require(keyId != secretKeys.publicKey.keyID) {
+ @Deprecated("Pass in a KeyIdentifier instead.")
+ fun stripSecretKey(secretKeys: PGPSecretKeyRing, keyId: Long): PGPSecretKeyRing =
+ stripSecretKey(secretKeys, KeyIdentifier(keyId))
+
+ /**
+ * Remove the secret key of the subkey identified by the given [keyIdentifier] from the key
+ * ring. The public part stays attached to the key ring, so that it can still be used for
+ * encryption / verification of signatures.
+ *
+ * This method is intended to be used to remove secret primary keys from live keys when
+ * those are kept in offline storage.
+ *
+ * @param secretKeys secret key ring
+ * @param keyIdentifier identifier of the secret key to remove
+ * @return secret key ring with removed secret key
+ * @throws IOException in case of an error during serialization / deserialization of the key
+ * @throws PGPException in case of a broken key
+ */
+ @JvmStatic
+ fun stripSecretKey(
+ secretKeys: PGPSecretKeyRing,
+ keyIdentifier: KeyIdentifier
+ ): PGPSecretKeyRing {
+ require(keyIdentifier != secretKeys.publicKey.keyIdentifier) {
 "Bouncy Castle currently cannot deal with stripped primary secret keys."
 }
- if (secretKeys.getSecretKey(keyId) == null) {
+ if (secretKeys.getSecretKey(keyIdentifier) == null) {
 throw NoSuchElementException(
- "PGPSecretKeyRing does not contain secret key ${keyId.openPgpKeyId()}.")
+ "PGPSecretKeyRing does not contain secret key ${keyIdentifier}.")
 }
 val out = ByteArrayOutputStream()
 secretKeys.forEach {
- if (it.keyID == keyId) {
+ if (it.keyIdentifier == keyIdentifier) {
 // only encode the public key
 it.publicKey.encode(out)
 } else {
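Review bot: The new KDoc contradicts the code right below it: its second paragraph says the method is "intended to be used to remove secret primary keys", but the `require` at the top of the body rejects the primary key's identifier. Suggest rewording that paragraph to state the limitation, and documenting the two failure modes the body visibly has: `@throws IllegalArgumentException if [keyIdentifier] identifies the primary key` and `@throws NoSuchElementException if the key ring holds no secret key for [keyIdentifier]`. The `@Deprecated` overload could also carry `ReplaceWith("stripSecretKey(secretKeys, KeyIdentifier(keyId))")` so callers get an automatic migration. The function body continues past the end of the hunk.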