Merge remote-tracking branch 'origin/main'

# Conflicts:
#	pg/build.gradle

Author: mwcw

core/src/main/java/org/bouncycastle/asn1/x509/DeltaCertificateDescriptor.java

@@ -76,7 +76,7 @@ private DeltaCertificateDescriptor(ASN1Sequence seq)
         this.serialNumber = ASN1Integer.getInstance(seq.getObjectAt(0));
 
         int idx = 1;
-        ASN1Encodable next = seq.getObjectAt(idx);
+        ASN1Encodable next = seq.getObjectAt(idx++);
         while (next instanceof ASN1TaggedObject)
         {
             ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(next);

pg/build.gradle

@@ -4,6 +4,11 @@ plugins {
 }
 
 sourceSets {
+    main {
+        java {
+            srcDirs = ["$buildDir/generated-src"]
+        }
+    }
     java9 {
         java {
             srcDirs = ['src/main/jdk1.9']
@@ -29,6 +34,14 @@ dependencies {
 evaluationDependsOn(":prov")
 evaluationDependsOn(":util")
 
+task generateSources(type: Copy) {
+    from 'src/main/java'
+    into "$buildDir/generated-src"
+    filter { line -> line.replaceAll('@RELEASE_NAME@', "${version}") }
+}
+
+compileJava.dependsOn generateSources
+
 compileJava {
 
     options.release = 8
@@ -46,14 +59,17 @@ compileJava9Java {
             '--module-path', "${prov_jar}${File.pathSeparator}${util_jar}"
     ]
 
-    options.sourcepath = files(['src/main/java', 'src/main/jdk1.9'])
+    options.sourcepath = files(["$buildDir/generated-src", 'src/main/jdk1.9'])
 }
 
 
 jar.archiveBaseName = "bcpg-$vmrange"
 
 
+
 task sourcesJar(type: Jar) {
+    dependsOn generateSources
+
     archiveBaseName = jar.archiveBaseName
     archiveClassifier = 'sources'
     from sourceSets.main.allSource

pg/src/main/java/org/bouncycastle/bcpg/KeyIdentifier.java

@@ -0,0 +1,195 @@
+package org.bouncycastle.bcpg;
+
+import java.util.List;
+
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+
+/**
+ * Utility class for matching key-ids / fingerprints.
+ * A {@link KeyIdentifier} can be created from either a 64-bit key-id, a fingerprint, or both.
+ * This class was created to enable a seamless transition from use of key-ids in the API
+ * towards identifying keys via fingerprints.
+ */
+public class KeyIdentifier
+{
+    private final byte[] fingerprint;
+    private final long keyId;
+
+    /**
+     * Create a new {@link KeyIdentifier} based on a keys fingerprint.
+     * For fingerprints matching the format of a v4, v5 or v6 key, the constructor will
+     * try to derive the corresponding key-id from the fingerprint.
+     *
+     * @param fingerprint fingerprint
+     */
+    public KeyIdentifier(byte[] fingerprint)
+    {
+        this.fingerprint = Arrays.clone(fingerprint);
+
+        // v4
+        if (fingerprint.length == 20)
+        {
+            keyId = FingerprintUtil.keyIdFromV4Fingerprint(fingerprint);
+        }
+        // v5, v6
+        else if (fingerprint.length == 32)
+        {
+            keyId = FingerprintUtil.keyIdFromV6Fingerprint(fingerprint);
+        }
+        else
+        {
+            keyId = 0L;
+        }
+    }
+
+    /**
+     * Create a {@link KeyIdentifier} based on the given fingerprint and key-id.
+     *
+     * @param fingerprint fingerprint
+     * @param keyId key-id
+     */
+    public KeyIdentifier(byte[] fingerprint, long keyId)
+    {
+        this.fingerprint = Arrays.clone(fingerprint);
+        this.keyId = keyId;
+    }
+
+    /**
+     * Create a {@link KeyIdentifier} based on the given key-id.
+     * {@code fingerprint} will be set to {@code null}.
+     *
+     * @param keyId key-id
+     */
+    public KeyIdentifier(long keyId)
+    {
+        this(null, keyId);
+    }
+
+    /**
+     * Create a wildcard {@link KeyIdentifier}.
+     */
+    private KeyIdentifier()
+    {
+        this(new byte[0], 0L);
+    }
+
+    /**
+     * Create a wildcard {@link KeyIdentifier}.
+     *
+     * @return wildcard key identifier
+     */
+    public static KeyIdentifier wildcard()
+    {
+        return new KeyIdentifier();
+    }
+
+    /**
+     * Return the fingerprint of the {@link KeyIdentifier}.
+     * {@code fingerprint} might be null, if the {@link KeyIdentifier} was created from just a key-id.
+     * If {@link #isWildcard()} returns true, this method returns an empty, but non-null array.
+     *
+     * @return fingerprint
+     */
+    public byte[] getFingerprint()
+    {
+        return Arrays.clone(fingerprint);
+    }
+
+    /**
+     * Return the key-id of the {@link KeyIdentifier}.
+     * This might be {@code 0L} if {@link #isWildcard()} returns true, or if an unknown
+     * fingerprint was passed in.
+     *
+     * @return key-id
+     */
+    public long getKeyId()
+    {
+        return keyId;
+    }
+
+    /**
+     * Returns true, if the {@link KeyIdentifier} specifies a wildcard (matches anything).
+     * This is for example used with anonymous recipient key-ids / fingerprints, where the recipient
+     * needs to try all available keys to decrypt the message.
+     *
+     * @return is wildcard
+     */
+    public boolean isWildcard()
+    {
+        return keyId == 0L && fingerprint.length == 0;
+    }
+
+    /**
+     * Return true if the KeyIdentifier has a fingerprint corresponding to the passed in one.
+     *
+     * @param fingerprint the fingerprint to match against.
+     * @return true if there's a match, false otherwise.
+     */
+    public boolean hasFingerprint(byte[] fingerprint)
+    {
+        return Arrays.constantTimeAreEqual(this.fingerprint, fingerprint);
+    }
+
+    /**
+     * Return true, if this {@link KeyIdentifier} matches the given other {@link KeyIdentifier}.
+     * This will return true if the fingerprint matches, or if the key-id matches,
+     * or if {@link #isWildcard()} returns true.
+     *
+     * @param other the identifier we are matching against.
+     * @return true if we match other, false otherwise.
+     */
+    public boolean matches(KeyIdentifier other)
+    {
+        if (isWildcard() || other.isWildcard())
+        {
+            return true;
+        }
+
+        if (fingerprint != null && other.fingerprint != null)
+        {
+            return Arrays.constantTimeAreEqual(fingerprint, other.fingerprint);
+        }
+        else
+        {
+            return keyId == other.keyId;
+        }
+    }
+
+    /**
+     * Return true, if this {@link KeyIdentifier} is present in the given list of {@link KeyIdentifier} .
+     * This will return true if a fingerprint matches, or if a key-id matches,
+     * or if {@link #isWildcard()} returns true.
+     *
+     * @param others the list of key identifiers to check.
+     * @return true, if the identifier is present in the list, false otherwise.
+     */
+    public boolean isPresentIn(List<KeyIdentifier> others)
+    {
+        for (KeyIdentifier other: others)
+        {
+            if (this.matches(other))
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    public String toString()
+    {
+        if (isWildcard())
+        {
+            return "*";
+        }
+
+        if (fingerprint == null)
+        {
+            return "" + keyId;
+        }
+
+        // -DM Hex.toHexString
+        return Hex.toHexString(fingerprint).toUpperCase();
+    }
+}

pg/src/main/java/org/bouncycastle/bcpg/PublicKeyPacket.java

@@ -4,6 +4,8 @@
 import java.io.IOException;
 import java.util.Date;
 
+import org.bouncycastle.util.Pack;
+
 /**
  * Base class for OpenPGP public (primary) keys.
  * The public key packet holds the public parameters of an OpenPGP key pair.
@@ -359,4 +361,24 @@ public void encode(
     {
         out.writePacket(hasNewPacketFormat(), getPacketTag(), getEncodedContents());
     }
+
+    public static long getKeyID(PublicKeyPacket publicPk, byte[] fingerprint)
+    {
+        if (publicPk.version <= PublicKeyPacket.VERSION_3)
+        {
+            RSAPublicBCPGKey rK = (RSAPublicBCPGKey)publicPk.key;
+
+            return rK.getModulus().longValue();
+        }
+        else if (publicPk.version == PublicKeyPacket.VERSION_4)
+        {
+            return Pack.bigEndianToLong(fingerprint, fingerprint.length - 8);
+        }
+        else if (publicPk.version == PublicKeyPacket.LIBREPGP_5 || publicPk.version == PublicKeyPacket.VERSION_6)
+        {
+            return Pack.bigEndianToLong(fingerprint, 0);
+        }
+
+        return 0;
+    }
 }

pg/src/main/java/org/bouncycastle/bcpg/sig/IntendedRecipientFingerprint.java

@@ -1,5 +1,6 @@
 package org.bouncycastle.bcpg.sig;
 
+import org.bouncycastle.bcpg.KeyIdentifier;
 import org.bouncycastle.bcpg.SignatureSubpacket;
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 import org.bouncycastle.util.Arrays;
@@ -40,4 +41,9 @@ public byte[] getFingerprint()
     {
         return Arrays.copyOfRange(data, 1, data.length);
     }
+
+    public KeyIdentifier getKeyIdentifier()
+    {
+        return new KeyIdentifier(getFingerprint());
+    }
 }

pg/src/main/java/org/bouncycastle/bcpg/sig/IssuerFingerprint.java

@@ -1,6 +1,7 @@
 package org.bouncycastle.bcpg.sig;
 
 import org.bouncycastle.bcpg.FingerprintUtil;
+import org.bouncycastle.bcpg.KeyIdentifier;
 import org.bouncycastle.bcpg.PublicKeyPacket;
 import org.bouncycastle.bcpg.SignatureSubpacket;
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
@@ -59,4 +60,9 @@ public long getKeyID()
         }
         return 0;
     }
+
+    public KeyIdentifier getKeyIdentifier()
+    {
+        return new KeyIdentifier(getFingerprint());
+    }
 }

pg/src/main/java/org/bouncycastle/bcpg/sig/IssuerKeyID.java

@@ -1,6 +1,7 @@
 package org.bouncycastle.bcpg.sig;
 
 import org.bouncycastle.bcpg.FingerprintUtil;
+import org.bouncycastle.bcpg.KeyIdentifier;
 import org.bouncycastle.bcpg.SignatureSubpacket;
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 
@@ -44,4 +45,9 @@ public long getKeyID()
     {
         return FingerprintUtil.readKeyID(data);
     }
+
+    public KeyIdentifier getKeyIdentifier()
+    {
+        return new KeyIdentifier(getKeyID());
+    }
 }

pg/src/main/java/org/bouncycastle/bcpg/sig/RevocationKey.java

@@ -1,5 +1,6 @@
 package org.bouncycastle.bcpg.sig;
 
+import org.bouncycastle.bcpg.KeyIdentifier;
 import org.bouncycastle.bcpg.SignatureSubpacket;
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 
@@ -55,4 +56,9 @@ public byte[] getFingerprint()
         System.arraycopy(data, 2, fingerprint, 0, fingerprint.length);
         return fingerprint;
     }
+
+    public KeyIdentifier getKeyIdentifier()
+    {
+        return new KeyIdentifier(getFingerprint());
+    }
 }