#1074

Committed 20 Jan 2026 11:18PM UTC coverage: 85.293% (+0.09%) from 85.206%

Build # #1074

Build Type

push

github

Committed by

vanitasvitae

Commit Message

Bump sop-java to 15.0.0

Coverage Stats

6774 of 7942 relevant lines covered (85.29%)

0.85 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.65

/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/CertifyUserIdImpl.kt

// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0

package org.pgpainless.sop

import java.io.InputStream
import java.io.OutputStream
import org.bouncycastle.openpgp.api.OpenPGPKey
import org.pgpainless.PGPainless
import org.pgpainless.exception.KeyException
import org.pgpainless.util.OpenPGPCertificateUtil
import sop.Ready
import sop.exception.SOPGPException
import sop.operation.CertifyUserId

class CertifyUserIdImpl(private val api: PGPainless) : CertifyUserId {

    private var armor: Boolean = true
    private val keys: MutableList<OpenPGPKey> = mutableListOf()
    private var requireSelfSig = true
    private val userIds: MutableSet<String> = mutableSetOf()
    private var protector: MatchMakingSecretKeyRingProtector = MatchMakingSecretKeyRingProtector()

    override fun certs(certs: InputStream): Ready {
        return object : Ready() {
            override fun writeTo(outputStream: OutputStream) {

                val certificates =
                    api.readKey()
                        .parseCertificates(certs)
                        .onEach { cert ->
                            if (requireSelfSig) {
                                // Check for non-bound user-ids
                                userIds
                                    .find { cert.getUserId(it)?.isBound != true }
                                    ?.let {
                                        throw SOPGPException.CertUserIdNoMatch(cert.fingerprint)
                                    }
                            }
                        }
                        .map { cert ->
                            var certificate = cert
                            keys.forEach { key ->
                                userIds.forEach { userId ->
                                    try {
                                        certificate =
                                            api.generateCertification()
                                                .certifyUserId(userId, certificate)
                                                .withKey(key, protector)
                                                .build()
                                                .certifiedCertificate
                                    } catch (e: KeyException) {
                                        throw SOPGPException.KeyCannotCertify(e)
                                    }
                                }
                            }
                            certificate
                        }

                if (armor) {
                    OpenPGPCertificateUtil.armor(certificates, outputStream)
                } else {
                    OpenPGPCertificateUtil.encode(certificates, outputStream)
                }
            }
        }
    }

    override fun keys(keys: InputStream): CertifyUserId = apply {
        this.keys.addAll(api.readKey().parseKeys(keys).onEach { protector.addSecretKey(it) })
    }

    override fun noArmor(): CertifyUserId = apply { armor = false }

    override fun noRequireSelfSig(): CertifyUserId = apply { requireSelfSig = false }

    override fun userId(userId: String): CertifyUserId = apply { this.userIds.add(userId) }

    override fun withKeyPassword(password: ByteArray): CertifyUserId = apply {
        PasswordHelper.addPassphrasePlusRemoveWhitespace(password, protector)
    }
}

1	// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
2	//
3	// SPDX-License-Identifier: Apache-2.0
4
5	package org.pgpainless.sop
6
7	import java.io.InputStream
8	import java.io.OutputStream
9	import org.bouncycastle.openpgp.api.OpenPGPKey
10	import org.pgpainless.PGPainless
11	import org.pgpainless.exception.KeyException
12	import org.pgpainless.util.OpenPGPCertificateUtil
13	import sop.Ready
14	import sop.exception.SOPGPException
15	import sop.operation.CertifyUserId
16
17	class CertifyUserIdImpl(private val api: PGPainless) : CertifyUserId {	1✔
18
19	private var armor: Boolean = true	1✔
20	private val keys: MutableList<OpenPGPKey> = mutableListOf()	1✔
21	private var requireSelfSig = true	1✔
22	private val userIds: MutableSet<String> = mutableSetOf()	1✔
23	private var protector: MatchMakingSecretKeyRingProtector = MatchMakingSecretKeyRingProtector()	1✔
24
25	override fun certs(certs: InputStream): Ready {
26	return object : Ready() {	1✔
27	override fun writeTo(outputStream: OutputStream) {
28
29	val certificates =	1✔
30	api.readKey()	1✔
31	.parseCertificates(certs)	1✔
32	.onEach { cert ->	1✔
33	if (requireSelfSig) {	1✔
34	// Check for non-bound user-ids
35	userIds	1✔
36	.find { cert.getUserId(it)?.isBound != true }	1✔
37	?.let {	1✔
38	throw SOPGPException.CertUserIdNoMatch(cert.fingerprint)	1✔
39	}
40	}
41	}	1✔
42	.map { cert ->	1✔
43	var certificate = cert	1✔
44	keys.forEach { key ->	1✔
45	userIds.forEach { userId ->	1✔
46	try {	1✔
47	certificate =	1✔
48	api.generateCertification()	1✔
49	.certifyUserId(userId, certificate)	1✔
50	.withKey(key, protector)	1✔
51	.build()	1✔
52	.certifiedCertificate	1✔
53	} catch (e: KeyException) {	1✔
54	throw SOPGPException.KeyCannotCertify(e)	1✔
55	}
56	}	1✔
57	}	1✔
58	certificate	1✔
59	}
60
61	if (armor) {	1✔
62	OpenPGPCertificateUtil.armor(certificates, outputStream)	1✔
63	} else {
64	OpenPGPCertificateUtil.encode(certificates, outputStream)	×
65	}
66	}	1✔
67	}
68	}
69
70	override fun keys(keys: InputStream): CertifyUserId = apply {	1✔
71	this.keys.addAll(api.readKey().parseKeys(keys).onEach { protector.addSecretKey(it) })	1✔
72	}	1✔
73
74	override fun noArmor(): CertifyUserId = apply { armor = false }	×
75
76	override fun noRequireSelfSig(): CertifyUserId = apply { requireSelfSig = false }	1✔
77
78	override fun userId(userId: String): CertifyUserId = apply { this.userIds.add(userId) }	1✔
79
80	override fun withKeyPassword(password: ByteArray): CertifyUserId = apply {	1✔
81	PasswordHelper.addPassphrasePlusRemoveWhitespace(password, protector)	1✔
82	}	1✔
83	}

pgpainless / pgpainless / #1074

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous