
Example 6 with PGPSignature

use of org.bouncycastle.openpgp.PGPSignature in project gerrit by GerritCodeReview.

the class PublicKeyChecker method gatherRevocationProblems.

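private void gatherRevocationProblems(PGPPublicKey key, Date now, List<String> problems) {
    try {
        // Revocation signatures and designated revokers found on the key are
        // collected into these two containers by scanRevocations.
        List<PGPSignature> revocations = new ArrayList<>();
        Map<Long, RevocationKey> revokers = new HashMap<>();
        PGPSignature selfRevocation = scanRevocations(key, now, revocations, revokers);
        if (selfRevocation != null) {
            // A self-revocation is reported only if it is valid as of `now`.
            RevocationReason reason = getRevocationReason(selfRevocation);
            if (isRevocationValid(selfRevocation, reason, now)) {
                problems.add(reasonToString(reason));
            }
        } else {
            // No self-revocation: check the collected revocations against the revokers.
            checkRevocations(key, revocations, revokers, problems);
        }
    } catch (PGPException | IOException e) {
        // A failure while checking is itself recorded as a problem with the key.
        problems.add("Error checking key revocation");
    }
}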
Also used : RevocationReason(org.bouncycastle.bcpg.sig.RevocationReason) PGPException(org.bouncycastle.openpgp.PGPException) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) RevocationKey(org.bouncycastle.bcpg.sig.RevocationKey) PGPSignature(org.bouncycastle.openpgp.PGPSignature) IOException(java.io.IOException)

Example 7 with PGPSignature

use of org.bouncycastle.openpgp.PGPSignature in project gerrit by GerritCodeReview.

the class PublicKeyCheckerTest method removeRevokers.

private PGPPublicKeyRing removeRevokers(PGPPublicKeyRing kr) {
    PGPPublicKey k = kr.getPublicKey();
    @SuppressWarnings("unchecked")
    Iterator<PGPSignature> sigs = k.getSignaturesOfType(DIRECT_KEY);
    while (sigs.hasNext()) {
        PGPSignature sig = sigs.next();
        // Drop every direct-key signature that carries a REVOCATION_KEY subpacket.
        if (sig.getHashedSubPackets().hasSubpacket(REVOCATION_KEY)) {
            k = PGPPublicKey.removeCertification(k, sig);
        }
    }
    // Return a key ring in which the modified public key replaces the original.
    return PGPPublicKeyRing.insertPublicKey(kr, k);
}
Also used : PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) PGPSignature(org.bouncycastle.openpgp.PGPSignature)

Example 8 with PGPSignature

use of org.bouncycastle.openpgp.PGPSignature in project gerrit by GerritCodeReview.

the class PushCertificateCheckerTest method newSignedCert.

private PushCertificate newSignedCert(String nonce, TestKey signingKey, Date now) throws Exception {
    PushCertificateIdent ident = new PushCertificateIdent(signingKey.getFirstUserId(), System.currentTimeMillis(), -7 * 60);
    // Push certificate text: header lines, a blank line, then one ref update command.
    String payload = "certificate version 0.1\n"
        + "pusher " + ident.getRaw() + "\n"
        + "pushee test://localhost/repo.git\n"
        + "nonce " + nonce + "\n"
        + "\n"
        + "0000000000000000000000000000000000000000"
        + " deadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
        + " refs/heads/master\n";
    PGPSignatureGenerator gen = new PGPSignatureGenerator(new BcPGPContentSignerBuilder(signingKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1));
    if (now != null) {
        // Set the signature creation time explicitly as a hashed subpacket.
        PGPSignatureSubpacketGenerator subGen = new PGPSignatureSubpacketGenerator();
        subGen.setSignatureCreationTime(false, now);
        gen.setHashedSubpackets(subGen.generate());
    }
    gen.init(PGPSignature.BINARY_DOCUMENT, signingKey.getPrivateKey());
    gen.update(payload.getBytes(UTF_8));
    PGPSignature sig = gen.generate();
    // Encode the signature as ASCII armor and append it to the payload.
    ByteArrayOutputStream bout = new ByteArrayOutputStream();
    try (BCPGOutputStream out = new BCPGOutputStream(new ArmoredOutputStream(bout))) {
        sig.encode(out);
    }
    String cert = payload + new String(bout.toByteArray(), UTF_8);
    // Decode with the same charset used to encode, not the platform default.
    Reader reader = new InputStreamReader(new ByteArrayInputStream(cert.getBytes(UTF_8)), UTF_8);
    PushCertificateParser parser = new PushCertificateParser(repo, signedPushConfig);
    return parser.parse(reader);
}
Also used : PGPSignatureGenerator(org.bouncycastle.openpgp.PGPSignatureGenerator) PushCertificateParser(org.eclipse.jgit.transport.PushCertificateParser) InputStreamReader(java.io.InputStreamReader) BcPGPContentSignerBuilder(org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder) ArmoredOutputStream(org.bouncycastle.bcpg.ArmoredOutputStream) Reader(java.io.Reader) BCPGOutputStream(org.bouncycastle.bcpg.BCPGOutputStream) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) PGPSignature(org.bouncycastle.openpgp.PGPSignature) ByteArrayOutputStream(java.io.ByteArrayOutputStream) PushCertificateIdent(org.eclipse.jgit.transport.PushCertificateIdent) ByteArrayInputStream(java.io.ByteArrayInputStream) PGPSignatureSubpacketGenerator(org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator)
