KeyRingInfo: Pass API instance to key constructors

Issue templates: Add question about AI tooling
Turn var into val
2025-09-09 10:19:39 +02:00 · 2025-08-20 11:41:35 +02:00 · 2025-08-20 11:41:34 +02:00 · 2025-08-20 11:41:34 +02:00 · 2025-08-20 11:41:34 +02:00 · 2025-08-20 11:41:34 +02:00
8 changed files with 37 additions and 17 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -36,7 +36,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: [ 'java' ]
+        language: [ 'java-kotlin' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://git.io/codeql-language-support

@ -46,7 +46,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@ -57,7 +57,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@ -71,4 +71,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/exception/KeyException.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/exception/KeyException.kt
@ -38,6 +38,11 @@ abstract class KeyException : RuntimeException {
        ) {

        constructor(cert: OpenPGPCertificate, expirationDate: Date) : this(of(cert), expirationDate)
+
+        constructor(
+            componentKey: OpenPGPComponentKey,
+            expirationDate: Date
+        ) : this(of(componentKey), expirationDate)
    }

    class RevokedKeyException : KeyException {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
@ -52,7 +52,7 @@ class KeyRingBuilder(private val version: OpenPGPKeyVersion, private val api: PG
    }

    override fun addUserId(userId: CharSequence): KeyRingBuilder = apply {
-        userIds[userId.toString().trim()] = null
+        userIds[userId.toString()] = null
    }

    override fun addUserId(userId: ByteArray): KeyRingBuilder =
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt
@ -35,7 +35,8 @@ class KeyRingInfo(
        api: PGPainless = PGPainless.getInstance(),
        referenceDate: Date = Date()
    ) : this(
-        if (keys is PGPSecretKeyRing) OpenPGPKey(keys) else OpenPGPCertificate(keys),
+        if (keys is PGPSecretKeyRing) OpenPGPKey(keys, api.implementation)
+        else OpenPGPCertificate(keys, api.implementation),
        api,
        referenceDate)

--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
@ -532,7 +532,7 @@ class SecretKeyRingEditor(
        val prevBinding =
            api.inspect(key).getCurrentSubkeyBindingSignature(keyId)
                ?: throw NoSuchElementException(
-                    "Previous subkey binding signaure for $keyId MUST NOT be null.")
+                    "Previous subkey binding signature for $keyId MUST NOT be null.")
        val bindingSig = reissueSubkeyBindingSignature(subkey, expiration, protector, prevBinding)
        secretKeyRing =
            injectCertification(secretKeyRing, subkey.pgpPublicKey, bindingSig.signature)
@ -624,9 +624,10 @@ class SecretKeyRingEditor(
    }

    private fun sanitizeUserId(userId: CharSequence): CharSequence =
-        // TODO: Further research how to sanitize user IDs.
-        //  e.g. what about newlines?
-        userId.toString().trim()
+        // I'm not sure, what kind of sanitization is needed.
+        // Newlines are allowed, they just need to be escaped when emitted in an ASCII armor header
+        // Trailing/Leading whitespace is also fine.
+        userId.toString()

    private fun callbackFromRevocationAttributes(attributes: RevocationAttributes?) =
        object : RevocationSignatureSubpackets.Callback {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/util/ArmorUtils.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/util/ArmorUtils.kt
@ -247,7 +247,8 @@ class ArmorUtils {
                .add(OpenPgpFingerprint.of(publicKey).prettyPrint())
            // Primary / First User ID
            (primary ?: first)?.let {
-                headerMap.getOrPut(HEADER_COMMENT) { mutableSetOf() }.add(it)
+                headerMap.getOrPut(HEADER_COMMENT) { mutableSetOf() }
+                    .add(it.replace("\n", "\\n").replace("\r", "\\r"))
            }
            // X-1 further identities
            when (userIds.size) {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/util/Passphrase.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/util/Passphrase.kt
@ -11,14 +11,9 @@ import org.bouncycastle.util.Arrays
 *
 * @param chars may be null for empty passwords.
 */
-class Passphrase(chars: CharArray?) {
+class Passphrase(private val chars: CharArray?) {
    private val lock = Any()
    private var valid = true
-    private val chars: CharArray?
-
-    init {
-        this.chars = trimWhitespace(chars)
-    }

    /**
     * Return a copy of the underlying char array. A return value of null represents an empty
@ -67,6 +62,13 @@ class Passphrase(chars: CharArray?) {

    override fun hashCode(): Int = getChars()?.let { String(it) }.hashCode()

+    /**
+     * Return a copy of this [Passphrase], but with whitespace characters trimmed off.
+     *
+     * @return copy with trimmed whitespace
+     */
+    fun withTrimmedWhitespace(): Passphrase = Passphrase(trimWhitespace(chars))
+
    companion object {

        /**
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/GenerateKeyTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/GenerateKeyTest.java
@ -100,4 +100,14 @@ public class GenerateKeyTest {
        assertThrows(SOPGPException.UnsupportedProfile.class, () ->
                sop.generateKey().profile("invalid"));
    }
+
+    @Test
+    public void generateKeyWithNewlinesInUserId() throws IOException {
+        byte[] keyBytes = sop.generateKey()
+                .userId("Foo\n\nBar")
+                .generate()
+                .getBytes();
+
+        assertTrue(new String(keyBytes).contains("Foo\\n\\nBar"));
+    }
 }