Update SOP implementation to the latest spec version

See https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-stateless-cli-03
2025-09-09 18:29:39 +02:00 · 2022-01-07 14:28:36 +01:00 · 2022-01-07 14:28:36 +01:00 · 1cb49f4b12
commit 1cb49f4b12
parent 5e0ca369bf
21 changed files with 348 additions and 112 deletions
--- a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/EncryptCmd.java
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/EncryptCmd.java
@ -82,8 +82,8 @@ public class EncryptCmd implements Runnable {
                throw new SOPGPException.KeyIsProtected("Key from " + keyFile.getAbsolutePath() + " is password protected.", keyIsProtected);
            } catch (SOPGPException.UnsupportedAsymmetricAlgo unsupportedAsymmetricAlgo) {
                throw new SOPGPException.UnsupportedAsymmetricAlgo("Key from " + keyFile.getAbsolutePath() + " has unsupported asymmetric algorithm.", unsupportedAsymmetricAlgo);
-            } catch (SOPGPException.CertCannotSign certCannotSign) {
-                throw new RuntimeException("Key from " + keyFile.getAbsolutePath() + " cannot sign.", certCannotSign);
+            } catch (SOPGPException.KeyCannotSign keyCannotSign) {
+                throw new SOPGPException.KeyCannotSign("Key from " + keyFile.getAbsolutePath() + " cannot sign.", keyCannotSign);
            } catch (SOPGPException.BadData badData) {
                throw new SOPGPException.BadData("Key file " + keyFile.getAbsolutePath() + " does not contain a valid OpenPGP private key.", badData);
            }
--- a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/SignCmd.java
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/SignCmd.java
@ -7,12 +7,14 @@ package sop.cli.picocli.commands;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;

 import picocli.CommandLine;
-import sop.Ready;
+import sop.MicAlg;
+import sop.ReadyWithResult;
 import sop.cli.picocli.Print;
 import sop.cli.picocli.SopCLI;
 import sop.enums.SignAs;
@ -34,9 +36,13 @@ public class SignCmd implements Runnable {
    SignAs type;

    @CommandLine.Parameters(description = "Secret keys used for signing",
-            paramLabel = "KEY")
+            paramLabel = "KEYS")
    List<File> secretKeyFile = new ArrayList<>();

+    @CommandLine.Option(names = "--micalg-out", description = "Emits the digest algorithm used to the specified file in a way that can be used to populate the micalg parameter for the PGP/MIME Content-Type (RFC3156)",
+            paramLabel = "MICALG")
+    File micAlgOut;
+
    @Override
    public void run() {
        Sign sign = SopCLI.getSop().sign();
@ -51,8 +57,12 @@ public class SignCmd implements Runnable {
            }
        }

+        if (micAlgOut != null && micAlgOut.exists()) {
+            throw new SOPGPException.OutputExists(String.format("Target %s of option %s already exists.", micAlgOut.getAbsolutePath(), "--micalg-out"));
+        }
+
        if (secretKeyFile.isEmpty()) {
-            Print.errln("Missing required parameter 'KEY'.");
+            Print.errln("Missing required parameter 'KEYS'.");
            System.exit(19);
        }

@ -83,8 +93,16 @@ public class SignCmd implements Runnable {
        }

        try {
-            Ready ready = sign.data(System.in);
-            ready.writeTo(System.out);
+            ReadyWithResult<MicAlg> ready = sign.data(System.in);
+            MicAlg micAlg = ready.writeTo(System.out);
+
+            if (micAlgOut != null) {
+                // Write micalg out
+                micAlgOut.createNewFile();
+                FileOutputStream micAlgOutStream = new FileOutputStream(micAlgOut);
+                micAlg.writeTo(micAlgOutStream);
+                micAlgOutStream.close();
+            }
        } catch (IOException e) {
            Print.errln("IO Error.");
            Print.trace(e);
--- a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/EncryptCmdTest.java
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/EncryptCmdTest.java
@ -91,7 +91,7 @@ public class EncryptCmdTest {
    }

    @Test
-    public void signWith_multipleTimesGetPassedDown() throws IOException, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.CertCannotSign, SOPGPException.BadData {
+    public void signWith_multipleTimesGetPassedDown() throws IOException, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData {
        File keyFile1 = File.createTempFile("sign-with-1-", ".asc");
        File keyFile2 = File.createTempFile("sign-with-2-", ".asc");

@ -107,7 +107,7 @@ public class EncryptCmdTest {

    @Test
    @ExpectSystemExitWithStatus(67)
-    public void signWith_keyIsProtectedCausesExit67() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.CertCannotSign, SOPGPException.BadData, IOException {
+    public void signWith_keyIsProtectedCausesExit67() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException {
        when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.KeyIsProtected());
        File keyFile = File.createTempFile("sign-with", ".asc");
        SopCLI.main(new String[] {"encrypt", "--sign-with", keyFile.getAbsolutePath(), "--with-password", "starship"});
@ -115,23 +115,23 @@ public class EncryptCmdTest {

    @Test
    @ExpectSystemExitWithStatus(13)
-    public void signWith_unsupportedAsymmetricAlgoCausesExit13() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.CertCannotSign, SOPGPException.BadData, IOException {
+    public void signWith_unsupportedAsymmetricAlgoCausesExit13() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException {
        when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.UnsupportedAsymmetricAlgo("Unsupported asymmetric algorithm.", new Exception()));
        File keyFile = File.createTempFile("sign-with", ".asc");
        SopCLI.main(new String[] {"encrypt", "--with-password", "123456", "--sign-with", keyFile.getAbsolutePath()});
    }

    @Test
-    @ExpectSystemExitWithStatus(1)
-    public void signWith_certCannotSignCausesExit1() throws IOException, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.CertCannotSign, SOPGPException.BadData {
-        when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.CertCannotSign());
+    @ExpectSystemExitWithStatus(79)
+    public void signWith_certCannotSignCausesExit1() throws IOException, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData {
+        when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.KeyCannotSign());
        File keyFile = File.createTempFile("sign-with", ".asc");
        SopCLI.main(new String[] {"encrypt", "--with-password", "dragon", "--sign-with", keyFile.getAbsolutePath()});
    }

    @Test
    @ExpectSystemExitWithStatus(41)
-    public void signWith_badDataCausesExit41() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.CertCannotSign, SOPGPException.BadData, IOException {
+    public void signWith_badDataCausesExit41() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException {
        when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
        File keyFile = File.createTempFile("sign-with", ".asc");
        SopCLI.main(new String[] {"encrypt", "--with-password", "orange", "--sign-with", keyFile.getAbsolutePath()});
--- a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/SignCmdTest.java
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/SignCmdTest.java
@ -19,7 +19,8 @@ import java.io.OutputStream;
 import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import sop.Ready;
+import sop.MicAlg;
+import sop.ReadyWithResult;
 import sop.SOP;
 import sop.cli.picocli.SopCLI;
 import sop.exception.SOPGPException;
@ -33,10 +34,10 @@ public class SignCmdTest {
    @BeforeEach
    public void mockComponents() throws IOException, SOPGPException.ExpectedText {
        sign = mock(Sign.class);
-        when(sign.data((InputStream) any())).thenReturn(new Ready() {
+        when(sign.data((InputStream) any())).thenReturn(new ReadyWithResult<MicAlg>() {
            @Override
-            public void writeTo(OutputStream outputStream) {
-
+            public MicAlg writeTo(OutputStream outputStream) {
+                return MicAlg.fromHashAlgorithmId(10);
            }
        });

@ -109,9 +110,9 @@ public class SignCmdTest {
    @Test
    @ExpectSystemExitWithStatus(1)
    public void data_ioExceptionCausesExit1() throws IOException, SOPGPException.ExpectedText {
-        when(sign.data((InputStream) any())).thenReturn(new Ready() {
+        when(sign.data((InputStream) any())).thenReturn(new ReadyWithResult<MicAlg>() {
            @Override
-            public void writeTo(OutputStream outputStream) throws IOException {
+            public MicAlg writeTo(OutputStream outputStream) throws IOException {
                throw new IOException();
            }
        });