PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-10 02:39:39 +02:00
Code Issues Releases Wiki Activity

Add OpenPGPCertificateUtil and unify the way, SOP encodes/armors certificates/keys

Browse source
This commit is contained in:
Paul Schaub 2025-05-14 13:27:06 +02:00
parent b42d96f31b
commit 63d199d76b
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
10 changed files with 260 additions and 105 deletions
Download patch file Download diff file Expand all files Collapse all files

69
pgpainless-sop/src/main/kotlin/org/pgpainless/sop/CertifyUserIdImpl.kt
View file

@ -6,11 +6,10 @@ package org.pgpainless.sop
import java.io.InputStream
import java.io.OutputStream
import org.bouncycastle.bcpg.PacketFormat
import org.bouncycastle.openpgp.api.OpenPGPKey
import org.pgpainless.PGPainless
import org.pgpainless.exception.KeyException
import org.pgpainless.util.ArmoredOutputStreamFactory
import org.pgpainless.util.OpenPGPCertificateUtil
import org.pgpainless.util.Passphrase
import sop.Ready
import sop.exception.SOPGPException
@ -27,45 +26,43 @@ class CertifyUserIdImpl(private val api: PGPainless) : CertifyUserId {
override fun certs(certs: InputStream): Ready {
return object : Ready() {
override fun writeTo(outputStream: OutputStream) {
val out =
if (armor) {
ArmoredOutputStreamFactory.get(outputStream)
} else outputStream
api.readKey()
.parseCertificates(certs)
.onEach { cert ->
if (requireSelfSig) {
// Check for non-bound user-ids
userIds
.find { cert.getUserId(it)?.isBound != true }
?.let { throw SOPGPException.CertUserIdNoMatch(cert.fingerprint) }
}
}
.forEach { cert ->
var certificate = cert
keys.forEach { key ->
userIds.forEach { userId ->
try {
certificate =
api.generateCertification()
.certifyUserId(userId, certificate)
.withKey(key, protector)
.build()
.certifiedCertificate
} catch (e: KeyException) {
throw SOPGPException.KeyCannotCertify(e)
}
val certificates =
api.readKey()
.parseCertificates(certs)
.onEach { cert ->
if (requireSelfSig) {
// Check for non-bound user-ids
userIds
.find { cert.getUserId(it)?.isBound != true }
?.let {
throw SOPGPException.CertUserIdNoMatch(cert.fingerprint)
}
}
}
.map { cert ->
var certificate = cert
keys.forEach { key ->
userIds.forEach { userId ->
try {
certificate =
api.generateCertification()
.certifyUserId(userId, certificate)
.withKey(key, protector)
.build()
.certifiedCertificate
} catch (e: KeyException) {
throw SOPGPException.KeyCannotCertify(e)
}
}
}
certificate
}
out.write(certificate.getEncoded(PacketFormat.CURRENT))
}
out.close()
if (armor) {
// armored output stream does not close inner stream
outputStream.close()
OpenPGPCertificateUtil.armor(certificates, outputStream)
} else {
OpenPGPCertificateUtil.encode(certificates, outputStream)
}
}
}

11
pgpainless-sop/src/main/kotlin/org/pgpainless/sop/ChangeKeyPasswordImpl.kt
View file

@ -8,12 +8,11 @@ import java.io.IOException
import java.io.InputStream
import java.io.OutputStream
import org.bouncycastle.openpgp.PGPException
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection
import org.pgpainless.PGPainless
import org.pgpainless.exception.MissingPassphraseException
import org.pgpainless.key.protection.SecretKeyRingProtector
import org.pgpainless.key.util.KeyRingUtils
import org.pgpainless.util.ArmoredOutputStreamFactory
import org.pgpainless.util.OpenPGPCertificateUtil
import org.pgpainless.util.Passphrase
import sop.Ready
import sop.exception.SOPGPException
@ -54,16 +53,14 @@ class ChangeKeyPasswordImpl(private val api: PGPainless) : ChangeKeyPassword {
"Cannot change passphrase of key ${it.keyIdentifier}", e)
}
}
.let { PGPSecretKeyRingCollection(it) }
.map { api.toKey(it) }
return object : Ready() {
override fun writeTo(outputStream: OutputStream) {
if (armor) {
ArmoredOutputStreamFactory.get(outputStream).use {
updatedSecretKeys.encode(it)
}
OpenPGPCertificateUtil.armor(updatedSecretKeys, outputStream)
} else {
updatedSecretKeys.encode(outputStream)
OpenPGPCertificateUtil.encode(updatedSecretKeys, outputStream)
}
}
}

16
pgpainless-sop/src/main/kotlin/org/pgpainless/sop/ExtractCertImpl.kt
View file

@ -7,7 +7,7 @@ package org.pgpainless.sop
import java.io.InputStream
import java.io.OutputStream
import org.pgpainless.PGPainless
import org.pgpainless.util.ArmoredOutputStreamFactory
import org.pgpainless.util.OpenPGPCertificateUtil
import sop.Ready
import sop.operation.ExtractCert
@ -22,19 +22,9 @@ class ExtractCertImpl(private val api: PGPainless) : ExtractCert {
return object : Ready() {
override fun writeTo(outputStream: OutputStream) {
if (armor) {
if (certs.size == 1) {
val cert = certs[0]
// This way we have a nice armor header with fingerprint and user-ids
val armored = cert.toAsciiArmoredString()
outputStream.write(armored.toByteArray())
} else {
// for multiple certs, add no info headers to the ASCII armor
val armorOut = ArmoredOutputStreamFactory.get(outputStream)
certs.forEach { armorOut.write(it.encoded) }
armorOut.close()
}
OpenPGPCertificateUtil.armor(certs, outputStream)
} else {
certs.forEach { outputStream.write(it.encoded) }
OpenPGPCertificateUtil.encode(certs, outputStream)
}
}
}

7
pgpainless-sop/src/main/kotlin/org/pgpainless/sop/GenerateKeyImpl.kt
View file

@ -13,6 +13,8 @@ import org.bouncycastle.openpgp.PGPException
import org.bouncycastle.openpgp.api.OpenPGPKey
import org.pgpainless.PGPainless
import org.pgpainless.algorithm.KeyFlag
import org.pgpainless.bouncycastle.extensions.asciiArmor
import org.pgpainless.bouncycastle.extensions.encode
import org.pgpainless.key.generation.KeyRingBuilder
import org.pgpainless.key.generation.KeySpec
import org.pgpainless.key.generation.type.KeyType
@ -50,10 +52,9 @@ class GenerateKeyImpl(private val api: PGPainless) : GenerateKey {
return object : Ready() {
override fun writeTo(outputStream: OutputStream) {
if (armor) {
val armored = key.toAsciiArmoredString(PacketFormat.CURRENT)
outputStream.write(armored.toByteArray())
key.asciiArmor(outputStream, PacketFormat.CURRENT)
} else {
outputStream.write(key.getEncoded(PacketFormat.CURRENT))
key.encode(outputStream, PacketFormat.CURRENT)
}
}
}

19
pgpainless-sop/src/main/kotlin/org/pgpainless/sop/MergeCertsImpl.kt
View file

@ -9,7 +9,7 @@ import java.io.OutputStream
import org.bouncycastle.bcpg.KeyIdentifier
import org.bouncycastle.openpgp.api.OpenPGPCertificate
import org.pgpainless.PGPainless
import org.pgpainless.util.ArmoredOutputStreamFactory
import org.pgpainless.util.OpenPGPCertificateUtil
import sop.Ready
import sop.operation.MergeCerts
@ -46,22 +46,11 @@ class MergeCertsImpl(private val api: PGPainless) : MergeCerts {
baseCerts[update.keyIdentifier] = api.mergeCertificate(baseCert, update)
}
val out =
if (armor) {
ArmoredOutputStreamFactory.get(outputStream)
} else {
outputStream
}
// emit merged and updated base certs
for (merged in baseCerts.values) {
out.write(merged.getEncoded())
}
if (armor) {
out.close()
OpenPGPCertificateUtil.armor(baseCerts.values, outputStream)
} else {
OpenPGPCertificateUtil.encode(baseCerts.values, outputStream)
}
outputStream.close()
}
}
}

12
pgpainless-sop/src/main/kotlin/org/pgpainless/sop/RevokeKeyImpl.kt
View file

@ -14,7 +14,7 @@ import org.pgpainless.bouncycastle.extensions.toOpenPGPCertificate
import org.pgpainless.exception.WrongPassphraseException
import org.pgpainless.key.util.KeyRingUtils
import org.pgpainless.key.util.RevocationAttributes
import org.pgpainless.util.ArmoredOutputStreamFactory
import org.pgpainless.util.OpenPGPCertificateUtil
import org.pgpainless.util.Passphrase
import sop.Ready
import sop.exception.SOPGPException
@ -67,15 +67,9 @@ class RevokeKeyImpl(private val api: PGPainless) : RevokeKey {
return object : Ready() {
override fun writeTo(outputStream: OutputStream) {
if (armor) {
val armorOut = ArmoredOutputStreamFactory.get(outputStream)
for (cert in revocationCertificates) {
armorOut.write(cert.getEncoded())
}
armorOut.close()
OpenPGPCertificateUtil.armor(revocationCertificates, outputStream)
} else {
for (cert in revocationCertificates) {
outputStream.write(cert.getEncoded())
}
OpenPGPCertificateUtil.encode(revocationCertificates, outputStream)
}
}
}

32
pgpainless-sop/src/main/kotlin/org/pgpainless/sop/UpdateKeyImpl.kt
View file

@ -7,12 +7,10 @@ package org.pgpainless.sop
import java.io.InputStream
import java.io.OutputStream
import org.bouncycastle.bcpg.KeyIdentifier
import org.bouncycastle.bcpg.PacketFormat
import org.bouncycastle.openpgp.PGPSecretKeyRing
import org.bouncycastle.openpgp.api.OpenPGPCertificate
import org.bouncycastle.openpgp.api.OpenPGPKey
import org.pgpainless.PGPainless
import org.pgpainless.util.ArmoredOutputStreamFactory
import org.pgpainless.util.OpenPGPCertificateUtil
import org.pgpainless.util.Passphrase
import sop.Ready
import sop.operation.UpdateKey
@ -29,33 +27,25 @@ class UpdateKeyImpl(private val api: PGPainless) : UpdateKey {
override fun key(key: InputStream): Ready {
return object : Ready() {
override fun writeTo(outputStream: OutputStream) {
val out =
if (armor) {
ArmoredOutputStreamFactory.get(outputStream)
} else {
outputStream
}
val keyList = api.readKey().parseKeys(key)
for (k in keyList) {
val updatedKey: OpenPGPKey =
if (mergeCerts[k.keyIdentifier] == null) {
k
val keyList =
api.readKey().parseKeys(key).map {
if (mergeCerts[it.keyIdentifier] == null) {
it
} else {
val updatedCert: OpenPGPCertificate =
api.mergeCertificate(
k.toCertificate(), mergeCerts[k.keyIdentifier]!!)
it.toCertificate(), mergeCerts[it.keyIdentifier]!!)
api.toKey(
PGPSecretKeyRing.replacePublicKeys(
k.pgpSecretKeyRing, updatedCert.pgpPublicKeyRing))
it.pgpSecretKeyRing, updatedCert.pgpPublicKeyRing))
}
out.write(updatedKey.getEncoded(PacketFormat.CURRENT))
}
}
if (armor) {
out.close()
OpenPGPCertificateUtil.armor(keyList, outputStream)
} else {
OpenPGPCertificateUtil.encode(keyList, outputStream)
}
outputStream.close()
}
}
}