pgpainless/pgpainless-sop/src/main/java/org/pgpainless/sop/commands/Sign.java

/*
 * Copyright 2020 Paul Schaub.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.pgpainless.sop.commands;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.encryption_signing.EncryptionResult;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.encryption_signing.SigningOptions;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.sop.Print;
import picocli.CommandLine;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;

import static org.pgpainless.sop.Print.err_ln;
import static org.pgpainless.sop.Print.print_ln;

@CommandLine.Command(name = "sign",
        description = "Create a detached signature on the data from standard input",
        exitCodeOnInvalidInput = 37)
public class Sign implements Runnable {

    public enum Type {
        binary,
        text
    }

    @CommandLine.Option(names = "--no-armor",
            description = "ASCII armor the output",
            negatable = true)
    boolean armor = true;

    @CommandLine.Option(names = "--as", description = "Defaults to 'binary'. If '--as=text' and the input data is not valid UTF-8, sign fails with return code 53.",
            paramLabel = "{binary|text}")
    Type type;

    @CommandLine.Parameters(description = "Secret keys used for signing",
            paramLabel = "KEY",
            arity = "1..*")
    File[] secretKeyFile;

    @Override
    public void run() {
        PGPSecretKeyRing[] secretKeys = new PGPSecretKeyRing[secretKeyFile.length];
        for (int i = 0, secretKeyFileLength = secretKeyFile.length; i < secretKeyFileLength; i++) {
            File file = secretKeyFile[i];
            try {
                PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(new FileInputStream(file));
                secretKeys[i] = secretKey;
            } catch (IOException | PGPException e) {
                err_ln("Error reading secret key ring " + file.getName());
                err_ln(e.getMessage());
                System.exit(1);
                return;
            }
        }
        try {
            SigningOptions signOpt = new SigningOptions();
            for (PGPSecretKeyRing signingKey : secretKeys) {
                signOpt.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), signingKey,
                        type == Type.text ? DocumentSignatureType.CANONICAL_TEXT_DOCUMENT : DocumentSignatureType.BINARY_DOCUMENT);
            }
            ByteArrayOutputStream out = new ByteArrayOutputStream();

            EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()
                    .onOutputStream(out)
                    .withOptions(ProducerOptions
                            .sign(signOpt)
                            .setAsciiArmor(armor));

            Streams.pipeAll(System.in, encryptionStream);
            encryptionStream.close();

            EncryptionResult result = encryptionStream.getResult();
            for (SubkeyIdentifier signingKey : result.getDetachedSignatures().keySet()) {
                for (PGPSignature signature : result.getDetachedSignatures().get(signingKey)) {
                    print_ln(Print.toString(signature.getEncoded(), armor));
                }
            }
        } catch (PGPException | IOException e) {
            err_ln("Error signing data.");
            err_ln(e.getMessage());
            System.exit(1);
        }
    }
}
Fix various checkstyle issues 2020-12-16 20:09:01 +01:00			`/*`
			`* Copyright 2020 Paul Schaub.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00			`package org.pgpainless.sop.commands;`

			`import org.bouncycastle.openpgp.PGPException;`
			`import org.bouncycastle.openpgp.PGPSecretKeyRing;`
			`import org.bouncycastle.openpgp.PGPSignature;`
			`import org.bouncycastle.util.io.Streams;`
			`import org.pgpainless.PGPainless;`
Fix tests 2021-05-20 13:42:52 +02:00			`import org.pgpainless.algorithm.DocumentSignatureType;`
			`import org.pgpainless.encryption_signing.EncryptionResult;`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00			`import org.pgpainless.encryption_signing.EncryptionStream;`
Fix tests 2021-05-20 13:42:52 +02:00			`import org.pgpainless.encryption_signing.ProducerOptions;`
			`import org.pgpainless.encryption_signing.SigningOptions;`
			`import org.pgpainless.key.SubkeyIdentifier;`
			`import org.pgpainless.key.protection.SecretKeyRingProtector;`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00			`import org.pgpainless.sop.Print;`
			`import picocli.CommandLine;`

Allow signing with multiple secret keys 2020-12-22 22:08:38 +01:00			`import java.io.ByteArrayOutputStream;`
			`import java.io.File;`
			`import java.io.FileInputStream;`
			`import java.io.IOException;`

Fix various checkstyle issues 2020-12-16 20:09:01 +01:00			`import static org.pgpainless.sop.Print.err_ln;`
			`import static org.pgpainless.sop.Print.print_ln;`

Improve subcommand descriptions 2020-12-22 23:07:53 +01:00			`@CommandLine.Command(name = "sign",`
SOP: Properly return error codes to the caller, error code 37 for invalid input args 2021-03-05 14:15:54 +01:00			`description = "Create a detached signature on the data from standard input",`
			`exitCodeOnInvalidInput = 37)`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00			`public class Sign implements Runnable {`

			`public enum Type {`
			`binary,`
			`text`
			`}`

Improve --[no-]armor flag implementation 2020-12-22 22:05:47 +01:00			`@CommandLine.Option(names = "--no-armor",`
			`description = "ASCII armor the output",`
			`negatable = true)`
			`boolean armor = true;`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00
Fix various checkstyle issues 2020-12-16 20:09:01 +01:00			`@CommandLine.Option(names = "--as", description = "Defaults to 'binary'. If '--as=text' and the input data is not valid UTF-8, sign fails with return code 53.",`
Allow signing with multiple secret keys 2020-12-22 22:08:38 +01:00			`paramLabel = "{binary\|text}")`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00			`Type type;`

Allow signing with multiple secret keys 2020-12-22 22:08:38 +01:00			`@CommandLine.Parameters(description = "Secret keys used for signing",`
			`paramLabel = "KEY",`
			`arity = "1..*")`
			`File[] secretKeyFile;`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00
			`@Override`
			`public void run() {`
Allow signing with multiple secret keys 2020-12-22 22:08:38 +01:00			`PGPSecretKeyRing[] secretKeys = new PGPSecretKeyRing[secretKeyFile.length];`
			`for (int i = 0, secretKeyFileLength = secretKeyFile.length; i < secretKeyFileLength; i++) {`
			`File file = secretKeyFile[i];`
			`try {`
			`PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(new FileInputStream(file));`
			`secretKeys[i] = secretKey;`
			`} catch (IOException \| PGPException e) {`
			`err_ln("Error reading secret key ring " + file.getName());`
			`err_ln(e.getMessage());`
			`System.exit(1);`
			`return;`
			`}`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00			`}`
			`try {`
Fix tests 2021-05-20 13:42:52 +02:00			`SigningOptions signOpt = new SigningOptions();`
			`for (PGPSecretKeyRing signingKey : secretKeys) {`
			`signOpt.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), signingKey,`
			`type == Type.text ? DocumentSignatureType.CANONICAL_TEXT_DOCUMENT : DocumentSignatureType.BINARY_DOCUMENT);`
			`}`
SOP: Respect signature type 2020-12-16 16:43:58 +01:00			`ByteArrayOutputStream out = new ByteArrayOutputStream();`

Fix tests 2021-05-20 13:42:52 +02:00			`EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()`
			`.onOutputStream(out)`
			`.withOptions(ProducerOptions`
			`.sign(signOpt)`
			`.setAsciiArmor(armor));`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00
			`Streams.pipeAll(System.in, encryptionStream);`
			`encryptionStream.close();`

Fix tests 2021-05-20 13:42:52 +02:00			`EncryptionResult result = encryptionStream.getResult();`
			`for (SubkeyIdentifier signingKey : result.getDetachedSignatures().keySet()) {`
			`for (PGPSignature signature : result.getDetachedSignatures().get(signingKey)) {`
			`print_ln(Print.toString(signature.getEncoded(), armor));`
			`}`
			`}`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00			`} catch (PGPException \| IOException e) {`
Fix various checkstyle issues 2020-12-16 20:09:01 +01:00			`err_ln("Error signing data.");`
			`err_ln(e.getMessage());`
Wip: Start implementing a SOP client 2020-11-26 11:00:48 +01:00			`System.exit(1);`
			`}`
			`}`
			`}`