pgpainless/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/OpenPgpKeyBuilder.kt

package org.pgpainless.key.generation

import java.security.KeyPairGenerator
import java.util.*
import org.bouncycastle.bcpg.PublicSubkeyPacket
import org.bouncycastle.openpgp.PGPKeyPair
import org.bouncycastle.openpgp.PGPPrivateKey
import org.bouncycastle.openpgp.PGPPublicKey
import org.bouncycastle.openpgp.PGPSignature
import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector
import org.pgpainless.algorithm.CertificationType
import org.pgpainless.algorithm.HashAlgorithm
import org.pgpainless.algorithm.KeyFlag
import org.pgpainless.implementation.ImplementationFactory
import org.pgpainless.key.generation.type.KeyType
import org.pgpainless.policy.Policy
import org.pgpainless.provider.ProviderFactory
import org.pgpainless.signature.builder.DirectKeySelfSignatureBuilder
import org.pgpainless.signature.builder.PrimaryKeyBindingSignatureBuilder
import org.pgpainless.signature.builder.SelfSignatureBuilder
import org.pgpainless.signature.builder.SubkeyBindingSignatureBuilder
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets

class OpenPgpKeyBuilder {

    fun buildV4Key(
        type: KeyType,
        creationTime: Date = Date(),
        policy: Policy
    ): V4PrimaryKeyBuilder = V4PrimaryKeyBuilder(type, creationTime, policy)

    abstract class V4KeyBuilder<T : V4KeyBuilder<T>>(
        val type: KeyType,
        val creationTime: Date,
        val certificateCreationTime: Date = Date(),
        val policy: Policy
    ) {

        internal var key = generateKeyPair()

        fun subkey(type: KeyType, creationTime: Date = certificateCreationTime): V4SubkeyBuilder =
            V4SubkeyBuilder(type, creationTime, policy, primaryKey())

        internal abstract fun primaryKey(): V4PrimaryKeyBuilder

        private fun generateKeyPair(): PGPKeyPair {
            // Create raw Key Pair
            val keyPair =
                KeyPairGenerator.getInstance(type.name, ProviderFactory.provider)
                    .also { it.initialize(type.algorithmSpec) }
                    .generateKeyPair()

            // Form PGP Key Pair
            return ImplementationFactory.getInstance()
                .getPGPV4KeyPair(type.algorithm, keyPair, creationTime)
                .let { adjustKeyPacket(it) }
        }

        /**
         * Make sure, the PGP key packet is a subkey packet for subkeys, and a primary key packet
         * for primary keys.
         */
        protected abstract fun adjustKeyPacket(keyPair: PGPKeyPair): PGPKeyPair
    }

    class V4PrimaryKeyBuilder(type: KeyType, creationTime: Date, policy: Policy) :
        V4KeyBuilder<V4PrimaryKeyBuilder>(type, creationTime, policy = policy) {

        fun userId(
            userId: CharSequence,
            certificationType: CertificationType = CertificationType.POSITIVE,
            bindingTime: Date = creationTime,
            hashAlgorithm: HashAlgorithm =
                policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,
            subpacketsCallback: SelfSignatureSubpackets.Callback =
                SelfSignatureSubpackets.defaultCallback()
        ) = apply {
            val sig =
                buildCertificationFor(
                    userId, certificationType, bindingTime, hashAlgorithm, subpacketsCallback)
            key =
                PGPKeyPair(
                    PGPPublicKey.addCertification(key.publicKey, userId.toString(), sig),
                    key.privateKey)
        }

        fun buildCertificationFor(
            userId: CharSequence,
            certificationType: CertificationType,
            bindingTime: Date,
            hashAlgorithm: HashAlgorithm,
            subpacketsCallback: SelfSignatureSubpackets.Callback
        ): PGPSignature {
            val builder =
                SelfSignatureBuilder(
                    key.privateKey, key.publicKey, certificationType.signatureType, hashAlgorithm)
            builder.hashedSubpackets.setSignatureCreationTime(bindingTime)
            builder.applyCallback(subpacketsCallback)
            return builder.build(userId)
        }

        fun userAttribute(
            userAttribute: PGPUserAttributeSubpacketVector,
            certificationType: CertificationType = CertificationType.POSITIVE,
            bindingTime: Date = creationTime,
            hashAlgorithm: HashAlgorithm =
                policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,
            subpacketsCallback: SelfSignatureSubpackets.Callback =
                SelfSignatureSubpackets.defaultCallback()
        ) = apply {
            val sig =
                buildCertificationFor(
                    userAttribute,
                    certificationType,
                    bindingTime,
                    hashAlgorithm,
                    subpacketsCallback)
            key =
                PGPKeyPair(
                    PGPPublicKey.addCertification(key.publicKey, userAttribute, sig),
                    key.privateKey)
        }

        fun buildCertificationFor(
            userAttribute: PGPUserAttributeSubpacketVector,
            certificationType: CertificationType,
            bindingTime: Date,
            hashAlgorithm: HashAlgorithm,
            subpacketsCallback: SelfSignatureSubpackets.Callback
        ): PGPSignature {
            val builder =
                SelfSignatureBuilder(
                    key.privateKey, key.publicKey, certificationType.signatureType, hashAlgorithm)
            builder.hashedSubpackets.setSignatureCreationTime(bindingTime)
            builder.applyCallback(subpacketsCallback)
            return builder.build(userAttribute)
        }

        fun directKeySignature(
            bindingTime: Date = creationTime,
            hashAlgorithm: HashAlgorithm =
                policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm(),
            subpacketsCallback: SelfSignatureSubpackets.Callback =
                SelfSignatureSubpackets.defaultCallback()
        ) = apply {
            val sig = buildDirectKeySignature(bindingTime, hashAlgorithm, subpacketsCallback)
            key = PGPKeyPair(PGPPublicKey.addCertification(key.publicKey, sig), key.privateKey)
        }

        fun buildDirectKeySignature(
            bindingTime: Date,
            hashAlgorithm: HashAlgorithm,
            subpacketsCallback: SelfSignatureSubpackets.Callback
        ): PGPSignature {
            val builder =
                DirectKeySelfSignatureBuilder(key.privateKey, key.publicKey, hashAlgorithm)

            builder.hashedSubpackets.setSignatureCreationTime(bindingTime)
            builder.applyCallback(subpacketsCallback)

            return builder.build()
        }

        override fun adjustKeyPacket(keyPair: PGPKeyPair): PGPKeyPair {
            return keyPair // is already a secret key packet
        }

        override fun primaryKey() = this
    }

    class V4SubkeyBuilder(
        type: KeyType,
        creationTime: Date,
        policy: Policy,
        private val primaryKeyBuilder: V4PrimaryKeyBuilder
    ) : V4KeyBuilder<V4SubkeyBuilder>(type, creationTime, policy = policy) {

        fun bindingSignature(
            bindingTime: Date = creationTime,
            hashAlgorithm: HashAlgorithm =
                policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,
            subpacketsCallback: SelfSignatureSubpackets.Callback =
                SelfSignatureSubpackets.defaultCallback()
        ) = apply {
            val sig = buildBindingSignature(bindingTime, hashAlgorithm, subpacketsCallback)
            key = PGPKeyPair(PGPPublicKey.addCertification(key.publicKey, sig), key.privateKey)
        }

        fun buildBindingSignature(
            bindingTime: Date = creationTime,
            hashAlgorithm: HashAlgorithm =
                policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,
            subpacketsCallback: SelfSignatureSubpackets.Callback =
                SelfSignatureSubpackets.defaultCallback()
        ): PGPSignature {
            val builder =
                SubkeyBindingSignatureBuilder(
                    primaryKeyBuilder.key.privateKey,
                    primaryKeyBuilder.key.publicKey,
                    hashAlgorithm)

            builder.hashedSubpackets.setSignatureCreationTime(bindingTime)
            builder.applyCallback(subpacketsCallback)

            if (builder.hashedSubpackets.getKeyFlags().orEmpty().contains(KeyFlag.SIGN_DATA) &&
                builder.hashedSubpackets.getEmbeddedSignaturePackets().isEmpty()) {

                // Create back-sig
                val backSigBuilder =
                    PrimaryKeyBindingSignatureBuilder(key.privateKey, key.publicKey, hashAlgorithm)

                backSigBuilder.hashedSubpackets.setSignatureCreationTime(bindingTime)

                val backSig = backSigBuilder.build(primaryKey().key.publicKey)
                builder.hashedSubpackets.addEmbeddedSignature(backSig)
            }

            return builder.build(key.publicKey)
        }

        override fun adjustKeyPacket(keyPair: PGPKeyPair): PGPKeyPair {
            val fpCalc = ImplementationFactory.getInstance().keyFingerprintCalculator
            val pubkey = keyPair.publicKey
            val privkey = keyPair.privateKey
            // form subkey packet
            val subkey =
                PublicSubkeyPacket(
                    pubkey.algorithm, pubkey.creationTime, pubkey.publicKeyPacket.key)
            return PGPKeyPair(
                PGPPublicKey(subkey, fpCalc),
                PGPPrivateKey(pubkey.keyID, subkey, privkey.privateKeyDataPacket))
        }

        override fun primaryKey() = primaryKeyBuilder.primaryKey()
    }
}
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`package org.pgpainless.key.generation`

Further progress 2024-01-11 16:44:21 +01:00			`import java.security.KeyPairGenerator`
			`import java.util.*`
Progress 2024-01-08 13:51:16 +01:00			`import org.bouncycastle.bcpg.PublicSubkeyPacket`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`import org.bouncycastle.openpgp.PGPKeyPair`
Progress 2024-01-08 13:51:16 +01:00			`import org.bouncycastle.openpgp.PGPPrivateKey`
			`import org.bouncycastle.openpgp.PGPPublicKey`
Further progress 2024-01-11 16:44:21 +01:00			`import org.bouncycastle.openpgp.PGPSignature`
			`import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector`
			`import org.pgpainless.algorithm.CertificationType`
Progress 2024-01-08 13:51:16 +01:00			`import org.pgpainless.algorithm.HashAlgorithm`
Further progress 2024-01-11 16:44:21 +01:00			`import org.pgpainless.algorithm.KeyFlag`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`import org.pgpainless.implementation.ImplementationFactory`
			`import org.pgpainless.key.generation.type.KeyType`
Further progress 2024-01-11 16:44:21 +01:00			`import org.pgpainless.policy.Policy`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`import org.pgpainless.provider.ProviderFactory`
Further progress 2024-01-11 16:44:21 +01:00			`import org.pgpainless.signature.builder.DirectKeySelfSignatureBuilder`
			`import org.pgpainless.signature.builder.PrimaryKeyBindingSignatureBuilder`
Progress 2024-01-08 13:51:16 +01:00			`import org.pgpainless.signature.builder.SelfSignatureBuilder`
			`import org.pgpainless.signature.builder.SubkeyBindingSignatureBuilder`
			`import org.pgpainless.signature.subpackets.SelfSignatureSubpackets`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
			`class OpenPgpKeyBuilder {`

			`fun buildV4Key(`
			`type: KeyType,`
Further progress 2024-01-11 16:44:21 +01:00			`creationTime: Date = Date(),`
			`policy: Policy`
			`): V4PrimaryKeyBuilder = V4PrimaryKeyBuilder(type, creationTime, policy)`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
Further progress 2024-01-11 16:44:21 +01:00			`abstract class V4KeyBuilder<T : V4KeyBuilder<T>>(`
Progress 2024-01-08 13:51:16 +01:00			`val type: KeyType,`
			`val creationTime: Date,`
Further progress 2024-01-11 16:44:21 +01:00			`val certificateCreationTime: Date = Date(),`
			`val policy: Policy`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`) {`

Progress 2024-01-08 13:51:16 +01:00			`internal var key = generateKeyPair()`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
Further progress 2024-01-11 16:44:21 +01:00			`fun subkey(type: KeyType, creationTime: Date = certificateCreationTime): V4SubkeyBuilder =`
			`V4SubkeyBuilder(type, creationTime, policy, primaryKey())`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
Progress 2024-01-08 13:51:16 +01:00			`internal abstract fun primaryKey(): V4PrimaryKeyBuilder`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
			`private fun generateKeyPair(): PGPKeyPair {`
			`// Create raw Key Pair`
Further progress 2024-01-11 16:44:21 +01:00			`val keyPair =`
			`KeyPairGenerator.getInstance(type.name, ProviderFactory.provider)`
			`.also { it.initialize(type.algorithmSpec) }`
			`.generateKeyPair()`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
			`// Form PGP Key Pair`
			`return ImplementationFactory.getInstance()`
			`.getPGPV4KeyPair(type.algorithm, keyPair, creationTime)`
Further progress 2024-01-11 16:44:21 +01:00			`.let { adjustKeyPacket(it) }`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`}`
Progress 2024-01-08 13:51:16 +01:00
Further progress 2024-01-11 16:44:21 +01:00			`/**`
			`* Make sure, the PGP key packet is a subkey packet for subkeys, and a primary key packet`
			`* for primary keys.`
			`*/`
Progress 2024-01-08 13:51:16 +01:00			`protected abstract fun adjustKeyPacket(keyPair: PGPKeyPair): PGPKeyPair`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`}`

Further progress 2024-01-11 16:44:21 +01:00			`class V4PrimaryKeyBuilder(type: KeyType, creationTime: Date, policy: Policy) :`
			`V4KeyBuilder<V4PrimaryKeyBuilder>(type, creationTime, policy = policy) {`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
Progress 2024-01-08 13:51:16 +01:00			`fun userId(`
			`userId: CharSequence,`
Further progress 2024-01-11 16:44:21 +01:00			`certificationType: CertificationType = CertificationType.POSITIVE,`
Progress 2024-01-08 13:51:16 +01:00			`bindingTime: Date = creationTime,`
Further progress 2024-01-11 16:44:21 +01:00			`hashAlgorithm: HashAlgorithm =`
			`policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,`
Progress 2024-01-08 13:51:16 +01:00			`subpacketsCallback: SelfSignatureSubpackets.Callback =`
Further progress 2024-01-11 16:44:21 +01:00			`SelfSignatureSubpackets.defaultCallback()`
			`) = apply {`
			`val sig =`
			`buildCertificationFor(`
			`userId, certificationType, bindingTime, hashAlgorithm, subpacketsCallback)`
			`key =`
			`PGPKeyPair(`
			`PGPPublicKey.addCertification(key.publicKey, userId.toString(), sig),`
			`key.privateKey)`
			`}`
Progress 2024-01-08 13:51:16 +01:00
Further progress 2024-01-11 16:44:21 +01:00			`fun buildCertificationFor(`
			`userId: CharSequence,`
			`certificationType: CertificationType,`
			`bindingTime: Date,`
			`hashAlgorithm: HashAlgorithm,`
			`subpacketsCallback: SelfSignatureSubpackets.Callback`
			`): PGPSignature {`
			`val builder =`
			`SelfSignatureBuilder(`
			`key.privateKey, key.publicKey, certificationType.signatureType, hashAlgorithm)`
			`builder.hashedSubpackets.setSignatureCreationTime(bindingTime)`
			`builder.applyCallback(subpacketsCallback)`
			`return builder.build(userId)`
			`}`

			`fun userAttribute(`
			`userAttribute: PGPUserAttributeSubpacketVector,`
			`certificationType: CertificationType = CertificationType.POSITIVE,`
			`bindingTime: Date = creationTime,`
			`hashAlgorithm: HashAlgorithm =`
			`policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,`
			`subpacketsCallback: SelfSignatureSubpackets.Callback =`
			`SelfSignatureSubpackets.defaultCallback()`
			`) = apply {`
			`val sig =`
			`buildCertificationFor(`
			`userAttribute,`
			`certificationType,`
			`bindingTime,`
			`hashAlgorithm,`
			`subpacketsCallback)`
			`key =`
			`PGPKeyPair(`
			`PGPPublicKey.addCertification(key.publicKey, userAttribute, sig),`
			`key.privateKey)`
			`}`

			`fun buildCertificationFor(`
			`userAttribute: PGPUserAttributeSubpacketVector,`
			`certificationType: CertificationType,`
			`bindingTime: Date,`
			`hashAlgorithm: HashAlgorithm,`
			`subpacketsCallback: SelfSignatureSubpackets.Callback`
			`): PGPSignature {`
			`val builder =`
			`SelfSignatureBuilder(`
			`key.privateKey, key.publicKey, certificationType.signatureType, hashAlgorithm)`
			`builder.hashedSubpackets.setSignatureCreationTime(bindingTime)`
			`builder.applyCallback(subpacketsCallback)`
			`return builder.build(userAttribute)`
			`}`

			`fun directKeySignature(`
			`bindingTime: Date = creationTime,`
			`hashAlgorithm: HashAlgorithm =`
			`policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm(),`
			`subpacketsCallback: SelfSignatureSubpackets.Callback =`
			`SelfSignatureSubpackets.defaultCallback()`
Progress 2024-01-08 13:51:16 +01:00			`) = apply {`
Further progress 2024-01-11 16:44:21 +01:00			`val sig = buildDirectKeySignature(bindingTime, hashAlgorithm, subpacketsCallback)`
			`key = PGPKeyPair(PGPPublicKey.addCertification(key.publicKey, sig), key.privateKey)`
			`}`

			`fun buildDirectKeySignature(`
			`bindingTime: Date,`
			`hashAlgorithm: HashAlgorithm,`
			`subpacketsCallback: SelfSignatureSubpackets.Callback`
			`): PGPSignature {`
			`val builder =`
			`DirectKeySelfSignatureBuilder(key.privateKey, key.publicKey, hashAlgorithm)`

			`builder.hashedSubpackets.setSignatureCreationTime(bindingTime)`
			`builder.applyCallback(subpacketsCallback)`

			`return builder.build()`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`}`

Progress 2024-01-08 13:51:16 +01:00			`override fun adjustKeyPacket(keyPair: PGPKeyPair): PGPKeyPair {`
			`return keyPair // is already a secret key packet`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`}`
Progress 2024-01-08 13:51:16 +01:00
			`override fun primaryKey() = this`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`}`

			`class V4SubkeyBuilder(`
			`type: KeyType,`
			`creationTime: Date,`
Further progress 2024-01-11 16:44:21 +01:00			`policy: Policy,`
Progress 2024-01-08 13:51:16 +01:00			`private val primaryKeyBuilder: V4PrimaryKeyBuilder`
Further progress 2024-01-11 16:44:21 +01:00			`) : V4KeyBuilder<V4SubkeyBuilder>(type, creationTime, policy = policy) {`

			`fun bindingSignature(`
			`bindingTime: Date = creationTime,`
			`hashAlgorithm: HashAlgorithm =`
			`policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,`
			`subpacketsCallback: SelfSignatureSubpackets.Callback =`
			`SelfSignatureSubpackets.defaultCallback()`
			`) = apply {`
			`val sig = buildBindingSignature(bindingTime, hashAlgorithm, subpacketsCallback)`
			`key = PGPKeyPair(PGPPublicKey.addCertification(key.publicKey, sig), key.privateKey)`
			`}`

			`fun buildBindingSignature(`
			`bindingTime: Date = creationTime,`
			`hashAlgorithm: HashAlgorithm =`
			`policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,`
			`subpacketsCallback: SelfSignatureSubpackets.Callback =`
			`SelfSignatureSubpackets.defaultCallback()`
			`): PGPSignature {`
			`val builder =`
			`SubkeyBindingSignatureBuilder(`
			`primaryKeyBuilder.key.privateKey,`
			`primaryKeyBuilder.key.publicKey,`
			`hashAlgorithm)`

			`builder.hashedSubpackets.setSignatureCreationTime(bindingTime)`
			`builder.applyCallback(subpacketsCallback)`

			`if (builder.hashedSubpackets.getKeyFlags().orEmpty().contains(KeyFlag.SIGN_DATA) &&`
			`builder.hashedSubpackets.getEmbeddedSignaturePackets().isEmpty()) {`

			`// Create back-sig`
			`val backSigBuilder =`
			`PrimaryKeyBindingSignatureBuilder(key.privateKey, key.publicKey, hashAlgorithm)`

			`backSigBuilder.hashedSubpackets.setSignatureCreationTime(bindingTime)`

			`val backSig = backSigBuilder.build(primaryKey().key.publicKey)`
			`builder.hashedSubpackets.addEmbeddedSignature(backSig)`
			`}`

			`return builder.build(key.publicKey)`
Progress 2024-01-08 13:51:16 +01:00			`}`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00
Progress 2024-01-08 13:51:16 +01:00			`override fun adjustKeyPacket(keyPair: PGPKeyPair): PGPKeyPair {`
			`val fpCalc = ImplementationFactory.getInstance().keyFingerprintCalculator`
			`val pubkey = keyPair.publicKey`
			`val privkey = keyPair.privateKey`
			`// form subkey packet`
Further progress 2024-01-11 16:44:21 +01:00			`val subkey =`
			`PublicSubkeyPacket(`
			`pubkey.algorithm, pubkey.creationTime, pubkey.publicKeyPacket.key)`
Progress 2024-01-08 13:51:16 +01:00			`return PGPKeyPair(`
			`PGPPublicKey(subkey, fpCalc),`
Further progress 2024-01-11 16:44:21 +01:00			`PGPPrivateKey(pubkey.keyID, subkey, privkey.privateKeyDataPacket))`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`}`

Progress 2024-01-08 13:51:16 +01:00			`override fun primaryKey() = primaryKeyBuilder.primaryKey()`
			`}`
WIP: Work on new key generation API 2024-01-06 01:31:12 +01:00			`}`