OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedSecretKeyRing.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

package org.sufficientlysecure.keychain.pgp;

import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPSecretKey;
import org.spongycastle.openpgp.PGPSecretKeyRing;
import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
import org.sufficientlysecure.keychain.util.IterableIterator;

public class CachedSecretKeyRing extends CachedKeyRing {

    private PGPSecretKeyRing mRing;

    public CachedSecretKeyRing(long masterKeyId, int keySize, boolean isRevoked,
                               boolean canCertify, long creation, long expiry, int algorithm,
                               byte[] fingerprint, String userId, int verified, boolean hasSecret,
                               byte[] blob)
    {
        super(masterKeyId, keySize, isRevoked, canCertify, creation, expiry,
                algorithm, fingerprint, userId, verified, hasSecret);

        mRing = (PGPSecretKeyRing) PgpConversionHelper.BytesToPGPKeyRing(blob);
    }

    CachedSecretKey getSubKey(long id) {
        return new CachedSecretKey(this, mRing.getSecretKey(id));
    }

    /** This returns the subkey that should be used for signing.
     * At this point, this is simply the first suitable subkey.
     */
    CachedSecretKey getSigningSubKey() {
        for (PGPSecretKey key : new IterableIterator<PGPSecretKey>(mRing.getSecretKeys())) {
            if (isSigningKey(key.getPublicKey())) {
                return new CachedSecretKey(this, key);
            }
        }
        // TODO exception
        return null;
    }

    @SuppressWarnings("unchecked")
    public static boolean isSigningKey(PGPPublicKey key) {
        if (key.getVersion() <= 3) {
            return true;
        }

        // special case
        if (key.getAlgorithm() == PGPPublicKey.RSA_SIGN) {
            return true;
        }

        for (PGPSignature sig : new IterableIterator<PGPSignature>(key.getSignatures())) {
            if (key.isMasterKey() && sig.getKeyID() != key.getKeyID()) {
                continue;
            }
            PGPSignatureSubpacketVector hashed = sig.getHashedSubPackets();

            if (hashed != null && (hashed.getKeyFlags() & KeyFlags.SIGN_DATA) != 0) {
                return true;
            }

            PGPSignatureSubpacketVector unhashed = sig.getUnhashedSubPackets();

            if (unhashed != null && (unhashed.getKeyFlags() & KeyFlags.SIGN_DATA) != 0) {
                return true;
            }
        }

        return false;
    }

}