Use of org.bouncycastle.openpgp.PGPPublicKeyRing in project gerrit by GerritCodeReview.
Class GerritPublicKeyCheckerTest, method keyLaterInTrustChainMissingUserId.
@Test
public void keyLaterInTrustChainMissingUserId() throws Exception {
  // Trust graph under test:
  //
  //   A---Bx
  //    \
  //     \---C
  //
  // The server ultimately trusts B. C signed A's key but is not in the store.
  // B's only user ID is stripped before B is added, which is what makes the
  // certification by B valid yet not trusted in the expected problems below.
  TestKey keyA = add(keyA(), user);

  // Remove the single user ID from B's primary key and put the modified key
  // back into its ring before storing it.
  PGPPublicKeyRing ringB = keyB().getPublicKeyRing();
  PGPPublicKey primaryB = ringB.getPublicKey();
  String userIdB = (String) primaryB.getUserIDs().next();
  primaryB = PGPPublicKey.removeCertification(primaryB, userIdB);
  ringB = PGPPublicKeyRing.insertPublicKey(ringB, primaryB);
  add(ringB, addUser("userB"));

  // Checking A reports every hop that failed to establish trust, while the
  // overall status stays OK.
  PublicKeyChecker checkerA = checkerFactory.create(user, store);
  assertProblems(
      checkerA.check(keyA.getPublicKey()),
      Status.OK,
      "No path to a trusted key",
      "Certification by " + keyToString(primaryB) + " is valid, but key is not trusted",
      "Key D24FE467 used for certification is not in store");
}
Use of org.bouncycastle.openpgp.PGPPublicKeyRing in project gerrit by GerritCodeReview.
Class PublicKeyChecker, method checkRevocations.
/**
 * Records revocations of {@code key} that were issued by one of its designated revokers.
 *
 * <p>A revocation signature whose issuer is not listed in {@code revokers} is ignored. If the
 * revoker's key cannot be found in the store the revocation is accepted as-is (fail closed: the
 * key is treated as revoked even though the signature cannot be verified). Otherwise the
 * revocation is only reported when the stored revoker key has the expected algorithm, passes the
 * basic checks as of the revocation's creation time, and actually verifies the signature.
 *
 * @param key the key whose revocations are being examined.
 * @param revocations revocation signatures found on {@code key}.
 * @param revokers designated revokers of {@code key}, indexed by key ID.
 * @param problems list that revocation reasons are appended to.
 * @throws PGPException if initializing or verifying a revocation signature fails.
 * @throws IOException if the key store cannot be read.
 */
private void checkRevocations(
    PGPPublicKey key,
    List<PGPSignature> revocations,
    Map<Long, RevocationKey> revokers,
    List<String> problems)
    throws PGPException, IOException {
  for (PGPSignature revocation : revocations) {
    RevocationKey revoker = revokers.get(revocation.getKeyID());
    if (revoker == null) {
      // Issued by a key that is not a designated revoker; not our concern here.
      continue;
    }

    byte[] revokerFp = revoker.getFingerprint();
    PGPPublicKeyRing revokerRing = store.get(revokerFp);
    if (revokerRing == null) {
      // The revoker is authorized and a revocation by it exists, but without
      // its key we cannot verify the signature. Err on the side of treating
      // the key as revoked rather than silently keeping it usable.
      log.info(
          "Key "
              + Fingerprint.toString(key.getFingerprint())
              + " is revoked by "
              + Fingerprint.toString(revokerFp)
              + ", which is not in the store. Assuming revocation is valid.");
      problems.add(reasonToString(getRevocationReason(revocation)));
      continue;
    }

    // NOTE(review): an algorithm mismatch or a failed basic check drops the
    // revocation without any log line; callers only see it as "not revoked".
    PGPPublicKey revokerKey = revokerRing.getPublicKey();
    boolean usable =
        revokerKey.getAlgorithm() == revoker.getAlgorithm()
            && checkBasic(revokerKey, revocation.getCreationTime()).isOk();
    if (!usable) {
      continue;
    }

    revocation.init(new BcPGPContentVerifierBuilderProvider(), revokerKey);
    if (revocation.verifyCertification(key)) {
      problems.add(reasonToString(getRevocationReason(revocation)));
    }
  }
}
Use of org.bouncycastle.openpgp.PGPPublicKeyRing in project gerrit by GerritCodeReview.
Class PublicKeyStore, method get.
/**
 * Reads the key rings stored under a 64-bit key ID, optionally narrowed to one fingerprint.
 *
 * <p>The note for {@code keyId} holds a sequence of ASCII-armored blocks, each of which is
 * expected to contain exactly one PGP object. Objects that are not public key rings are skipped.
 * When {@code fp} is non-null only rings whose primary key has exactly that fingerprint are
 * returned, so a caller that knows the full fingerprint is not served an unrelated ring that
 * merely shares the same key ID.
 *
 * @param keyId key ID whose note is looked up.
 * @param fp full fingerprint to filter on, or {@code null} to return every ring under the ID.
 * @return the matching rings; empty when the store has no notes or no note for {@code keyId}.
 * @throws IOException if the note or its blob cannot be read.
 */
private List<PGPPublicKeyRing> get(long keyId, byte[] fp) throws IOException {
  if (reader == null) {
    load();
  }
  if (notes == null) {
    return Collections.emptyList();
  }

  Note note = notes.getNote(keyObjectId(keyId));
  if (note == null) {
    return Collections.emptyList();
  }

  List<PGPPublicKeyRing> matches = new ArrayList<>();
  try (InputStream blob = reader.open(note.getData(), OBJ_BLOB).openStream()) {
    for (;;) {
      // Each armored block is decoded from wherever the previous one stopped.
      @SuppressWarnings("unchecked")
      Iterator<Object> objects = new BcPGPObjectFactory(new ArmoredInputStream(blob)).iterator();
      if (!objects.hasNext()) {
        break;
      }

      Object candidate = objects.next();
      if (candidate instanceof PGPPublicKeyRing) {
        PGPPublicKeyRing ring = (PGPPublicKeyRing) candidate;
        boolean wanted = fp == null || Arrays.equals(fp, ring.getPublicKey().getFingerprint());
        if (wanted) {
          matches.add(ring);
        }
      }
      checkState(!objects.hasNext(), "expected one PGP object per ArmoredInputStream");
    }
    return matches;
  }
}
Use of org.bouncycastle.openpgp.PGPPublicKeyRing in project gerrit by GerritCodeReview.
Class PublicKeyCheckerTest, method revokedKeyDueToCompromise.
@Test
public void revokedKeyDueToCompromise() throws Exception {
  // A key revoked for compromise is reported as such while its revoker is
  // still designated on the key.
  TestKey compromised = add(revokedCompromisedKey());
  add(validKeyWithoutExpiration());
  save();
  assertProblems(compromised, "Key is revoked (key material has been compromised): test6 compromised");

  // Strip the revoker designations and store the ring again; with no
  // designated revoker left, the same revocation signature is no longer
  // applied to the key.
  PGPPublicKeyRing withoutRevokers = removeRevokers(compromised.getPublicKeyRing());
  store.add(withoutRevokers);
  save();
  assertNoProblems(withoutRevokers.getPublicKey());
}
Use of org.bouncycastle.openpgp.PGPPublicKeyRing in project gerrit by GerritCodeReview.
Class PublicKeyStoreTest, method updateExisting.
@Test
public void updateExisting() throws Exception {
  // First save creates the ref and stores the ring with both user IDs.
  TestKey key5 = validKeyWithSecondUserId();
  PGPPublicKeyRing ring = key5.getPublicKeyRing();
  PGPPublicKey primary = ring.getPublicKey();
  store.add(ring);
  assertEquals(RefUpdate.Result.NEW, store.save(newCommitBuilder()));
  assertUserIds(
      store.get(key5.getKeyId()).iterator().next(),
      "Testuser Five <test5@example.com>",
      "foo:myId");

  // Replace the primary key with a copy that lacks the second user ID and
  // store it again; this must fast-forward the ref rather than create it.
  ring = PGPPublicKeyRing.removePublicKey(ring, primary);
  primary = PGPPublicKey.removeCertification(primary, "foo:myId");
  ring = PGPPublicKeyRing.insertPublicKey(ring, primary);
  store.add(ring);
  assertEquals(RefUpdate.Result.FAST_FORWARD, store.save(newCommitBuilder()));

  // Exactly one ring remains under the key ID, and it carries only the
  // surviving user ID.
  Iterator<PGPPublicKeyRing> stored = store.get(primary.getKeyID()).iterator();
  ring = stored.next();
  assertFalse(stored.hasNext());
  assertUserIds(ring, "Testuser Five <test5@example.com>");
}