Initial implementation of 'change-key-password' command of SOP-07

pgpainless-sop/src/main/java/org/pgpainless/sop/ChangeKeyPasswordImpl.java

@@ -0,0 +1,91 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.sop;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.bouncycastle.bcpg.ArmoredOutputStream;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
+import org.pgpainless.PGPainless;
+import org.pgpainless.exception.MissingPassphraseException;
+import org.pgpainless.key.OpenPgpFingerprint;
+import org.pgpainless.key.protection.SecretKeyRingProtector;
+import org.pgpainless.key.util.KeyRingUtils;
+import org.pgpainless.util.ArmoredOutputStreamFactory;
+import org.pgpainless.util.Passphrase;
+import sop.Ready;
+import sop.exception.SOPGPException;
+import sop.operation.ChangeKeyPassword;
+
+public class ChangeKeyPasswordImpl implements ChangeKeyPassword {
+
+    private final MatchMakingSecretKeyRingProtector oldProtector = new MatchMakingSecretKeyRingProtector();
+    private Passphrase newPassphrase = Passphrase.emptyPassphrase();
+    private boolean armor = true;
+
+    @Override
+    public ChangeKeyPassword noArmor() {
+        armor = false;
+        return this;
+    }
+
+    @Override
+    public ChangeKeyPassword oldKeyPassphrase(String oldPassphrase) {
+        oldProtector.addPassphrase(Passphrase.fromPassword(oldPassphrase));
+        return this;
+    }
+
+    @Override
+    public ChangeKeyPassword newKeyPassphrase(String newPassphrase) {
+        this.newPassphrase = Passphrase.fromPassword(newPassphrase);
+        return this;
+    }
+
+    @Override
+    public Ready keys(InputStream inputStream) throws SOPGPException.KeyIsProtected {
+        SecretKeyRingProtector newProtector = SecretKeyRingProtector.unlockAnyKeyWith(newPassphrase);
+        PGPSecretKeyRingCollection secretKeyRingCollection;
+        try {
+            secretKeyRingCollection = PGPainless.readKeyRing().secretKeyRingCollection(inputStream);
+        } catch (IOException e) {
+            throw new SOPGPException.BadData(e);
+        }
+
+        List<PGPSecretKeyRing> updatedSecretKeys = new ArrayList<>();
+        for (PGPSecretKeyRing secretKeys : secretKeyRingCollection) {
+            oldProtector.addSecretKey(secretKeys);
+            try {
+                PGPSecretKeyRing changed = KeyRingUtils.changePassphrase(null, secretKeys, oldProtector, newProtector);
+                updatedSecretKeys.add(changed);
+            } catch (MissingPassphraseException e) {
+                throw new SOPGPException.KeyIsProtected("Cannot unlock key " + OpenPgpFingerprint.of(secretKeys), e);
+            } catch (PGPException e) {
+                if (e.getMessage().contains("Exception decrypting key")) {
+                    throw new SOPGPException.KeyIsProtected("Cannot unlock key " + OpenPgpFingerprint.of(secretKeys), e);
+                }
+                throw new RuntimeException("Cannot change passphrase of key " + OpenPgpFingerprint.of(secretKeys), e);
+            }
+        }
+        final PGPSecretKeyRingCollection changedSecretKeyCollection = new PGPSecretKeyRingCollection(updatedSecretKeys);
+        return new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) throws IOException {
+                if (armor) {
+                    ArmoredOutputStream armorOut = ArmoredOutputStreamFactory.get(outputStream);
+                    changedSecretKeyCollection.encode(armorOut);
+                    armorOut.close();
+                } else {
+                    changedSecretKeyCollection.encode(outputStream);
+                }
+            }
+        };
+    }
+}

pgpainless-sop/src/main/java/org/pgpainless/sop/SOPImpl.java

@@ -7,6 +7,7 @@ package org.pgpainless.sop;
 import org.pgpainless.util.ArmoredOutputStreamFactory;
 import sop.SOP;
 import sop.operation.Armor;
+import sop.operation.ChangeKeyPassword;
 import sop.operation.Dearmor;
 import sop.operation.Decrypt;
 import sop.operation.DetachedSign;
@@ -108,6 +109,11 @@ public class SOPImpl implements SOP {
         return new RevokeKeyImpl();
     }
 
+    @Override
+    public ChangeKeyPassword changeKeyPassword() {
+        return new ChangeKeyPasswordImpl();
+    }
+
     @Override
     public InlineDetach inlineDetach() {
         return new InlineDetachImpl();

pgpainless-sop/src/test/java/sop/testsuite/pgpainless/operation/PGPainlessChangeKeyPasswordTest.java

@@ -0,0 +1,10 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.testsuite.pgpainless.operation;
+
+import sop.testsuite.operation.ChangeKeyPasswordTest;
+
+public class PGPainlessChangeKeyPasswordTest extends ChangeKeyPasswordTest {
+}