pgpainless/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/OpenPgpKeyBuilder.kt

// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0

package org.pgpainless.key.generation

import java.util.*
import org.bouncycastle.openpgp.PGPSecretKey
import org.bouncycastle.openpgp.PGPSecretKeyRing
import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor
import org.pgpainless.algorithm.AlgorithmSuite
import org.pgpainless.algorithm.KeyFlag
import org.pgpainless.implementation.ImplementationFactory
import org.pgpainless.key.generation.type.KeyType
import org.pgpainless.key.protection.SecretKeyRingProtector
import org.pgpainless.policy.Policy
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets

open class OpenPgpKeyBuilder(
    protected val policy: Policy,
    protected val referenceTime: Date = Date(),
    protected val keyGenerationPolicy: AlgorithmSuite = policy.keyGenerationAlgorithmSuite
) {

    fun buildV4Key(
        keyType: KeyType,
    ): V4OpenPgpKeyBuilder =
        V4OpenPgpKeyBuilder(keyType, policy, referenceTime, keyGenerationPolicy)

    class V4OpenPgpKeyBuilder(
        keyType: KeyType,
        policy: Policy,
        referenceTime: Date,
        keyGenerationPolicy: AlgorithmSuite
    ) : OpenPgpKeyBuilder(policy, referenceTime, keyGenerationPolicy) {

        private val primaryKey =
            BaseOpenPgpKeyBuilder.BaseV4PrimaryKeyBuilder(keyType, referenceTime, policy)

        private val subkeys = mutableListOf<BaseOpenPgpKeyBuilder.BaseV4SubkeyBuilder>()

        fun addUserId(
            userId: CharSequence,
            algorithmSuite: AlgorithmSuite = keyGenerationPolicy,
            subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop()
        ) = apply {
            primaryKey.userId(userId, algorithmSuite, subpacketsCallback = subpacketsCallback)
        }

        fun addUserAttribute(
            attribute: PGPUserAttributeSubpacketVector,
            algorithmSuite: AlgorithmSuite = keyGenerationPolicy,
            subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop()
        ) = apply {
            primaryKey.userAttribute(
                attribute, algorithmSuite, subpacketsCallback = subpacketsCallback)
        }

        fun addSubkey(
            keyType: KeyType,
            creationTime: Date = referenceTime,
            bindingTime: Date = creationTime,
            keyFlags: List<KeyFlag>?
        ) =
            addSubkey(
                BaseOpenPgpKeyBuilder.BaseV4SubkeyBuilder(
                    keyType, creationTime, policy, primaryKey),
                bindingTime,
                keyFlags)

        fun addSubkey(
            subkeyBuilder: BaseOpenPgpKeyBuilder.BaseV4SubkeyBuilder,
            bindingTime: Date = subkeyBuilder.creationTime,
            keyFlags: List<KeyFlag>?
        ) = apply {
            subkeys.add(
                subkeyBuilder.also {
                    it.bindingSignature(
                        bindingTime,
                        subpacketsCallback =
                            object : SelfSignatureSubpackets.Callback {
                                override fun modifyHashedSubpackets(
                                    hashedSubpackets: SelfSignatureSubpackets
                                ) {
                                    hashedSubpackets.setSignatureCreationTime(bindingTime)
                                    keyFlags?.let { flagList ->
                                        hashedSubpackets.setKeyFlags(flagList)
                                    }
                                }
                            })
                })
        }

        fun addEncryptionSubkey(
            keyType: KeyType,
            creationTime: Date = referenceTime,
            bindingTime: Date = creationTime
        ) =
            addSubkey(
                keyType,
                creationTime,
                bindingTime,
                listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))

        fun addSigningSubkey(
            keyType: KeyType,
            creationTime: Date = referenceTime,
            bindingTime: Date = creationTime
        ) = addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA))

        fun build(
            protector: SecretKeyRingProtector = SecretKeyRingProtector.unprotectedKeys()
        ): PGPSecretKeyRing {

            // Add DK sig in case of no user-id
            if (primaryKey.isWithoutUserIds()) {
                primaryKey.directKeySignature(
                    subpacketsCallback = defaultPrimarySubpacketsCallback())
            }

            return PGPSecretKeyRing(
                mutableListOf(
                        PGPSecretKey(
                            primaryKey.key.privateKey,
                            primaryKey.key.publicKey,
                            ImplementationFactory.getInstance().v4FingerprintCalculator,
                            true,
                            protector.getEncryptor(primaryKey.key.keyID)))
                    .plus(
                        subkeys.map {
                            PGPSecretKey(
                                it.key.privateKey,
                                it.key.publicKey,
                                ImplementationFactory.getInstance().v4FingerprintCalculator,
                                false,
                                protector.getEncryptor(it.key.keyID))
                        }))
        }

        private fun defaultPrimarySubpacketsCallback(): SelfSignatureSubpackets.Callback =
            object : SelfSignatureSubpackets.Callback {
                override fun modifyHashedSubpackets(hashedSubpackets: SelfSignatureSubpackets) {
                    hashedSubpackets.apply {
                        setPreferredHashAlgorithms(keyGenerationPolicy.hashAlgorithms)
                        setPreferredSymmetricKeyAlgorithms(
                            keyGenerationPolicy.symmetricKeyAlgorithms)
                        setPreferredCompressionAlgorithms(keyGenerationPolicy.compressionAlgorithms)
                        setKeyFlags(KeyFlag.CERTIFY_OTHER)
                    }
                }
            }

        private fun toSecretKey(
            key: BaseOpenPgpKeyBuilder.BaseV4KeyBuilder<*>,
            isPrimaryKey: Boolean,
            encryptor: PBESecretKeyEncryptor?
        ): PGPSecretKey {
            return PGPSecretKey(
                key.key.privateKey,
                key.key.publicKey,
                ImplementationFactory.getInstance().v4FingerprintCalculator,
                isPrimaryKey,
                encryptor)
        }
    }
}
Progress 2024-01-22 16:52:40 +01:00			`// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>`
			`//`
			`// SPDX-License-Identifier: Apache-2.0`

WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`package org.pgpainless.key.generation`

Further progress 2024-01-11 16:44:21 +01:00			`import java.util.*`
Progress 2024-01-22 16:52:40 +01:00			`import org.bouncycastle.openpgp.PGPSecretKey`
			`import org.bouncycastle.openpgp.PGPSecretKeyRing`
Further progress 2024-01-11 16:44:21 +01:00			`import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector`
Progress 2024-01-22 16:52:40 +01:00			`import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor`
			`import org.pgpainless.algorithm.AlgorithmSuite`
Further progress 2024-01-11 16:44:21 +01:00			`import org.pgpainless.algorithm.KeyFlag`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`import org.pgpainless.implementation.ImplementationFactory`
			`import org.pgpainless.key.generation.type.KeyType`
Progress 2024-01-22 16:52:40 +01:00			`import org.pgpainless.key.protection.SecretKeyRingProtector`
Further progress 2024-01-11 16:44:21 +01:00			`import org.pgpainless.policy.Policy`
Progress 2024-01-08 13:51:16 +01:00			`import org.pgpainless.signature.subpackets.SelfSignatureSubpackets`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
Progress 2024-01-22 16:52:40 +01:00			`open class OpenPgpKeyBuilder(`
			`protected val policy: Policy,`
			`protected val referenceTime: Date = Date(),`
			`protected val keyGenerationPolicy: AlgorithmSuite = policy.keyGenerationAlgorithmSuite`
			`) {`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
			`fun buildV4Key(`
Progress 2024-01-22 16:52:40 +01:00			`keyType: KeyType,`
			`): V4OpenPgpKeyBuilder =`
			`V4OpenPgpKeyBuilder(keyType, policy, referenceTime, keyGenerationPolicy)`
Progress 2024-01-08 13:51:16 +01:00
Progress 2024-01-22 16:52:40 +01:00			`class V4OpenPgpKeyBuilder(`
			`keyType: KeyType,`
			`policy: Policy,`
			`referenceTime: Date,`
			`keyGenerationPolicy: AlgorithmSuite`
			`) : OpenPgpKeyBuilder(policy, referenceTime, keyGenerationPolicy) {`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
Progress 2024-01-22 16:52:40 +01:00			`private val primaryKey =`
			`BaseOpenPgpKeyBuilder.BaseV4PrimaryKeyBuilder(keyType, referenceTime, policy)`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
Progress 2024-01-22 16:52:40 +01:00			`private val subkeys = mutableListOf<BaseOpenPgpKeyBuilder.BaseV4SubkeyBuilder>()`
Progress 2024-01-08 13:51:16 +01:00
Progress 2024-01-22 16:52:40 +01:00			`fun addUserId(`
Further progress 2024-01-11 16:44:21 +01:00			`userId: CharSequence,`
Progress 2024-01-22 16:52:40 +01:00			`algorithmSuite: AlgorithmSuite = keyGenerationPolicy,`
Progress 2024-01-24 11:27:42 +01:00			`subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop()`
			`) = apply {`
			`primaryKey.userId(userId, algorithmSuite, subpacketsCallback = subpacketsCallback)`
			`}`
Further progress 2024-01-11 16:44:21 +01:00
Progress 2024-01-22 16:52:40 +01:00			`fun addUserAttribute(`
			`attribute: PGPUserAttributeSubpacketVector,`
			`algorithmSuite: AlgorithmSuite = keyGenerationPolicy,`
Progress 2024-01-24 11:27:42 +01:00			`subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop()`
			`) = apply {`
			`primaryKey.userAttribute(`
			`attribute, algorithmSuite, subpacketsCallback = subpacketsCallback)`
			`}`
Further progress 2024-01-11 16:44:21 +01:00
Progress 2024-01-22 16:52:40 +01:00			`fun addSubkey(`
			`keyType: KeyType,`
			`creationTime: Date = referenceTime,`
Further progress 2024-01-11 16:44:21 +01:00			`bindingTime: Date = creationTime,`
Progress 2024-01-22 16:52:40 +01:00			`keyFlags: List<KeyFlag>?`
			`) =`
			`addSubkey(`
			`BaseOpenPgpKeyBuilder.BaseV4SubkeyBuilder(`
			`keyType, creationTime, policy, primaryKey),`
			`bindingTime,`
			`keyFlags)`

			`fun addSubkey(`
			`subkeyBuilder: BaseOpenPgpKeyBuilder.BaseV4SubkeyBuilder,`
			`bindingTime: Date = subkeyBuilder.creationTime,`
			`keyFlags: List<KeyFlag>?`
Further progress 2024-01-11 16:44:21 +01:00			`) = apply {`
Progress 2024-01-22 16:52:40 +01:00			`subkeys.add(`
			`subkeyBuilder.also {`
			`it.bindingSignature(`
			`bindingTime,`
			`subpacketsCallback =`
			`object : SelfSignatureSubpackets.Callback {`
			`override fun modifyHashedSubpackets(`
			`hashedSubpackets: SelfSignatureSubpackets`
			`) {`
			`hashedSubpackets.setSignatureCreationTime(bindingTime)`
			`keyFlags?.let { flagList ->`
			`hashedSubpackets.setKeyFlags(flagList)`
			`}`
			`}`
			`})`
			`})`
Further progress 2024-01-11 16:44:21 +01:00			`}`

Progress 2024-01-22 16:52:40 +01:00			`fun addEncryptionSubkey(`
			`keyType: KeyType,`
			`creationTime: Date = referenceTime,`
			`bindingTime: Date = creationTime`
			`) =`
			`addSubkey(`
			`keyType,`
			`creationTime,`
			`bindingTime,`
			`listOf(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))`

			`fun addSigningSubkey(`
			`keyType: KeyType,`
			`creationTime: Date = referenceTime,`
			`bindingTime: Date = creationTime`
			`) = addSubkey(keyType, creationTime, bindingTime, listOf(KeyFlag.SIGN_DATA))`

			`fun build(`
			`protector: SecretKeyRingProtector = SecretKeyRingProtector.unprotectedKeys()`
			`): PGPSecretKeyRing {`
Better differentiate Base- and OpenPgpKeyBuilder 2024-01-22 17:17:26 +01:00
			`// Add DK sig in case of no user-id`
			`if (primaryKey.isWithoutUserIds()) {`
Progress 2024-01-24 11:27:42 +01:00			`primaryKey.directKeySignature(`
			`subpacketsCallback = defaultPrimarySubpacketsCallback())`
Better differentiate Base- and OpenPgpKeyBuilder 2024-01-22 17:17:26 +01:00			`}`

Progress 2024-01-22 16:52:40 +01:00			`return PGPSecretKeyRing(`
			`mutableListOf(`
			`PGPSecretKey(`
			`primaryKey.key.privateKey,`
			`primaryKey.key.publicKey,`
			`ImplementationFactory.getInstance().v4FingerprintCalculator,`
			`true,`
			`protector.getEncryptor(primaryKey.key.keyID)))`
			`.plus(`
			`subkeys.map {`
			`PGPSecretKey(`
			`it.key.privateKey,`
			`it.key.publicKey,`
			`ImplementationFactory.getInstance().v4FingerprintCalculator,`
			`false,`
			`protector.getEncryptor(it.key.keyID))`
			`}))`
			`}`
Further progress 2024-01-11 16:44:21 +01:00
Progress 2024-01-22 16:52:40 +01:00			`private fun defaultPrimarySubpacketsCallback(): SelfSignatureSubpackets.Callback =`
			`object : SelfSignatureSubpackets.Callback {`
			`override fun modifyHashedSubpackets(hashedSubpackets: SelfSignatureSubpackets) {`
			`hashedSubpackets.apply {`
			`setPreferredHashAlgorithms(keyGenerationPolicy.hashAlgorithms)`
Progress 2024-01-24 11:27:42 +01:00			`setPreferredSymmetricKeyAlgorithms(`
			`keyGenerationPolicy.symmetricKeyAlgorithms)`
Progress 2024-01-22 16:52:40 +01:00			`setPreferredCompressionAlgorithms(keyGenerationPolicy.compressionAlgorithms)`
			`setKeyFlags(KeyFlag.CERTIFY_OTHER)`
			`}`
			`}`
Further progress 2024-01-11 16:44:21 +01:00			`}`

Progress 2024-01-22 16:52:40 +01:00			`private fun toSecretKey(`
			`key: BaseOpenPgpKeyBuilder.BaseV4KeyBuilder<*>,`
			`isPrimaryKey: Boolean,`
			`encryptor: PBESecretKeyEncryptor?`
			`): PGPSecretKey {`
			`return PGPSecretKey(`
			`key.key.privateKey,`
			`key.key.publicKey,`
			`ImplementationFactory.getInstance().v4FingerprintCalculator,`
			`isPrimaryKey,`
			`encryptor)`
Progress 2024-01-08 13:51:16 +01:00			`}`
			`}`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`}`