2018-06-13 17:26:48 +02:00
|
|
|
/*
|
|
|
|
* Copyright 2018 Paul Schaub.
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
2018-07-18 18:23:06 +02:00
|
|
|
package org.pgpainless.encryption_signing;
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2018-06-05 01:30:58 +02:00
|
|
|
import java.io.IOException;
|
2018-06-04 19:45:18 +02:00
|
|
|
import java.io.OutputStream;
|
2021-04-25 00:28:48 +02:00
|
|
|
import java.util.Date;
|
2021-04-26 13:38:12 +02:00
|
|
|
import javax.annotation.Nonnull;
|
2018-06-28 18:25:11 +02:00
|
|
|
|
2018-06-05 01:30:58 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPException;
|
2018-06-04 19:45:18 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|
|
|
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
|
|
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
2021-04-30 10:23:12 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
2021-05-06 00:04:03 +02:00
|
|
|
import org.pgpainless.algorithm.DocumentSignatureType;
|
2021-04-25 00:28:48 +02:00
|
|
|
import org.pgpainless.algorithm.StreamEncoding;
|
2020-08-24 16:00:23 +02:00
|
|
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
2021-05-06 00:04:03 +02:00
|
|
|
import org.pgpainless.exception.KeyValidationException;
|
2018-07-18 18:23:06 +02:00
|
|
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
2020-12-26 19:04:27 +01:00
|
|
|
import org.pgpainless.util.Passphrase;
|
2018-06-04 19:45:18 +02:00
|
|
|
|
|
|
|
public interface EncryptionBuilderInterface {
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Create a {@link EncryptionStream} on an {@link OutputStream} that contains the plain data that
|
|
|
|
* shall be encrypted and or signed.
|
|
|
|
*
|
|
|
|
* @param outputStream output stream of the plain data.
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
default ToRecipientsOrNoEncryption onOutputStream(@Nonnull OutputStream outputStream) {
|
2021-04-25 00:28:48 +02:00
|
|
|
return onOutputStream(outputStream, OpenPgpMetadata.FileInfo.binaryStream());
|
2021-04-07 21:30:51 +02:00
|
|
|
}
|
|
|
|
/**
|
|
|
|
* Create a {@link EncryptionStream} on an {@link OutputStream} that contains the plain data which shall
|
|
|
|
* be encrypted and/or signed.
|
|
|
|
*
|
|
|
|
* @param outputStream outputStream
|
|
|
|
* @param forYourEyesOnly flag indicating that the data is intended for the recipients eyes only
|
|
|
|
* @return api handle
|
2021-04-25 00:28:48 +02:00
|
|
|
*
|
|
|
|
* @deprecated use {@link #onOutputStream(OutputStream, OpenPgpMetadata.FileInfo)} instead.
|
2021-04-07 21:30:51 +02:00
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
default ToRecipientsOrNoEncryption onOutputStream(@Nonnull OutputStream outputStream, boolean forYourEyesOnly) {
|
2021-04-25 00:28:48 +02:00
|
|
|
return onOutputStream(outputStream, forYourEyesOnly ? OpenPgpMetadata.FileInfo.forYourEyesOnly() : OpenPgpMetadata.FileInfo.binaryStream());
|
2021-04-07 21:30:51 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Creates a {@link EncryptionStream} on an {@link OutputStream} that contains the plain data which shall
|
|
|
|
* be encrypted and/or signed.
|
|
|
|
*
|
|
|
|
* @param outputStream outputStream
|
|
|
|
* @param fileName name of the file (or "" if the encrypted data is not a file)
|
|
|
|
* @param forYourEyesOnly flag indicating that the data is intended for the recipients eyes only
|
|
|
|
* @return api handle
|
2021-04-25 00:28:48 +02:00
|
|
|
*
|
|
|
|
* @deprecated use {@link #onOutputStream(OutputStream, OpenPgpMetadata.FileInfo)} instead.
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
default ToRecipientsOrNoEncryption onOutputStream(@Nonnull OutputStream outputStream, String fileName, boolean forYourEyesOnly) {
|
2021-04-25 00:28:48 +02:00
|
|
|
return onOutputStream(outputStream, new OpenPgpMetadata.FileInfo(forYourEyesOnly ? "_CONSOLE" : fileName, new Date(), StreamEncoding.BINARY));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create an {@link EncryptionStream} on an {@link OutputStream} that contains the plain data which shall
|
|
|
|
* be encrypted and/or signed.
|
|
|
|
*
|
|
|
|
* @param outputStream outputStream
|
|
|
|
* @param fileInfo file information
|
|
|
|
* @return api handle
|
2021-04-07 21:30:51 +02:00
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
ToRecipientsOrNoEncryption onOutputStream(@Nonnull OutputStream outputStream, OpenPgpMetadata.FileInfo fileInfo);
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2021-05-06 00:04:03 +02:00
|
|
|
interface ToRecipientsOrNoEncryption extends ToRecipients {
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
2021-05-06 00:04:03 +02:00
|
|
|
* Create an {@link EncryptionStream} with the given options (recipients, signers, algorithms...).
|
2020-08-24 16:00:23 +02:00
|
|
|
*
|
2021-05-06 00:04:03 +02:00
|
|
|
* @param options options
|
|
|
|
* @return encryption strea
|
2020-08-24 16:00:23 +02:00
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
EncryptionStream withOptions(ProducerOptions options) throws PGPException, IOException;
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
2021-05-06 00:04:03 +02:00
|
|
|
* Instruct the {@link EncryptionStream} to not encrypt any data.
|
2020-08-24 16:00:23 +02:00
|
|
|
*
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
SignWithOrDontSign doNotEncrypt();
|
|
|
|
}
|
2018-07-08 17:22:29 +02:00
|
|
|
|
2021-05-06 00:04:03 +02:00
|
|
|
interface ToRecipients {
|
2020-12-26 19:04:27 +01:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
2021-05-06 00:04:03 +02:00
|
|
|
* Encrypt for the given valid public key.
|
2021-06-26 19:20:58 +02:00
|
|
|
* With this method, the recipient key is being addressed by key-id,
|
|
|
|
* so this method prioritizes algorithm preferences from the keys direct-key signature.
|
2020-08-24 16:00:23 +02:00
|
|
|
*
|
2021-05-06 00:04:03 +02:00
|
|
|
* @param key recipient key for which the message will be encrypted.
|
2020-08-24 16:00:23 +02:00
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
AdditionalRecipients toRecipient(@Nonnull PGPPublicKeyRing key);
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
2021-05-06 00:04:03 +02:00
|
|
|
* Encrypt for the given valid key using the provided user-id signature to determine preferences.
|
2020-08-24 16:00:23 +02:00
|
|
|
*
|
2021-05-06 00:04:03 +02:00
|
|
|
* @param key public key
|
|
|
|
* @param userId user-id which is used to select the correct encryption parameters based on preferences.
|
2020-08-24 16:00:23 +02:00
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
AdditionalRecipients toRecipient(@Nonnull PGPPublicKeyRing key, @Nonnull String userId);
|
2018-06-11 01:33:49 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
2021-05-06 00:04:03 +02:00
|
|
|
* Encrypt for the first valid key in the provided keys collection which has a valid user-id that matches
|
|
|
|
* the provided userId.
|
|
|
|
* The user-id is also used to determine encryption preferences.
|
2020-08-24 16:00:23 +02:00
|
|
|
*
|
2021-05-06 00:04:03 +02:00
|
|
|
* @param keys collection of keys
|
|
|
|
* @param userId user-id used to select the correct key
|
2020-08-24 16:00:23 +02:00
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
AdditionalRecipients toRecipient(@Nonnull PGPPublicKeyRingCollection keys, @Nonnull String userId);
|
2018-07-08 18:05:55 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
2021-05-06 00:04:03 +02:00
|
|
|
* Encrypt for all valid public keys in the provided collection.
|
2021-06-26 19:20:58 +02:00
|
|
|
* If any key is not eligible for encryption (e.g. expired, revoked...),
|
|
|
|
* an {@link IllegalArgumentException} will be thrown.
|
2020-08-24 16:00:23 +02:00
|
|
|
*
|
2021-05-06 00:04:03 +02:00
|
|
|
* @param keys collection of public keys
|
2020-08-24 16:00:23 +02:00
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
AdditionalRecipients toRecipients(@Nonnull PGPPublicKeyRingCollection keys);
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
2021-05-06 00:04:03 +02:00
|
|
|
* Symmetrically encrypt the message using a passphrase.
|
|
|
|
* Note that the passphrase MUST NOT be empty.
|
2020-08-24 16:00:23 +02:00
|
|
|
*
|
2021-05-06 00:04:03 +02:00
|
|
|
* @param passphrase passphrase
|
2020-08-24 16:00:23 +02:00
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
AdditionalRecipients forPassphrase(Passphrase passphrase);
|
2020-12-26 19:04:27 +01:00
|
|
|
|
2020-08-24 14:55:06 +02:00
|
|
|
}
|
|
|
|
|
2021-05-06 00:04:03 +02:00
|
|
|
interface AdditionalRecipients {
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
2021-05-06 00:04:03 +02:00
|
|
|
* Add an additional recipient key/passphrase or configure signing.
|
2020-08-24 16:00:23 +02:00
|
|
|
*
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
ToRecipientsOrSign and();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Allow additional recipient or signing configuration
|
|
|
|
interface ToRecipientsOrSign extends ToRecipients, SignWithOrDontSign {
|
|
|
|
}
|
2020-08-24 14:55:06 +02:00
|
|
|
|
2021-05-06 00:04:03 +02:00
|
|
|
// Allow signing configuration or no signing at all
|
|
|
|
interface SignWithOrDontSign extends SignWith {
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Do not sign the plain data at all.
|
|
|
|
*
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2020-08-24 14:55:06 +02:00
|
|
|
Armor doNotSign();
|
2018-06-04 19:45:18 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
interface SignWith {
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Pass in a list of secret keys used for signing, along with a {@link SecretKeyRingProtector} used to unlock
|
|
|
|
* the secret keys.
|
|
|
|
*
|
2021-05-06 00:04:03 +02:00
|
|
|
* @deprecated use {@link #signInlineWith(SecretKeyRingProtector, PGPSecretKeyRing)} instead.
|
2020-08-24 16:00:23 +02:00
|
|
|
* @param decryptor {@link SecretKeyRingProtector} used to unlock the secret keys
|
|
|
|
* @param keyRings secret keys used for signing
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-05-06 00:04:03 +02:00
|
|
|
@Deprecated
|
2021-05-20 13:42:52 +02:00
|
|
|
AdditionalSignWith signWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRing... keyRings) throws KeyValidationException, PGPException;
|
2020-08-24 16:00:23 +02:00
|
|
|
|
2021-05-06 00:04:03 +02:00
|
|
|
/**
|
|
|
|
* Sign inline using the passed in secret keys.
|
|
|
|
*
|
|
|
|
* @deprecated use {@link #signInlineWith(SecretKeyRingProtector, PGPSecretKeyRing)} instead.
|
|
|
|
* @param decryptor for unlocking the secret keys
|
|
|
|
* @param keyRings secret keys
|
|
|
|
* @return api handle
|
|
|
|
*/
|
|
|
|
@Deprecated
|
2021-05-20 13:42:52 +02:00
|
|
|
AdditionalSignWith signWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRingCollection keyRings) throws KeyValidationException, PGPException;
|
2021-04-30 10:23:12 +02:00
|
|
|
|
2021-05-06 00:04:03 +02:00
|
|
|
/**
|
|
|
|
* Create an inline signature using the provided secret key.
|
|
|
|
* The signature will be of type {@link DocumentSignatureType#BINARY_DOCUMENT}.
|
|
|
|
*
|
|
|
|
* @param secretKeyDecryptor for unlocking the secret key
|
|
|
|
* @param signingKey signing key
|
|
|
|
* @return api handle
|
|
|
|
*/
|
|
|
|
default AdditionalSignWith signInlineWith(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull PGPSecretKeyRing signingKey) throws PGPException, KeyValidationException {
|
|
|
|
return signInlineWith(secretKeyDecryptor, signingKey, null);
|
|
|
|
}
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2021-05-06 00:04:03 +02:00
|
|
|
/**
|
|
|
|
* Create an inline signature using the provided secret key.
|
|
|
|
* If userId is not null, the preferences of the matching user-id on the key will be used for signing.
|
|
|
|
* The signature will be of type {@link DocumentSignatureType#BINARY_DOCUMENT}.
|
|
|
|
*
|
|
|
|
* @param secretKeyDecryptor for unlocking the secret key
|
|
|
|
* @param signingKey signing key
|
|
|
|
* @param userId userId whose preferences shall be used for signing
|
|
|
|
* @return api handle
|
|
|
|
*/
|
|
|
|
default AdditionalSignWith signInlineWith(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull PGPSecretKeyRing signingKey, String userId) throws PGPException, KeyValidationException {
|
|
|
|
return signInlineWith(secretKeyDecryptor, signingKey, userId, DocumentSignatureType.BINARY_DOCUMENT);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create an inline signature using the provided secret key with the algorithm preferences of the provided user-id.
|
|
|
|
*
|
|
|
|
* @param secretKeyDecryptor for unlocking the secret key
|
|
|
|
* @param signingKey signing key
|
|
|
|
* @param userId user-id whose preferences shall be used for signing
|
|
|
|
* @param signatureType signature type
|
|
|
|
* @return api handle
|
|
|
|
*/
|
|
|
|
AdditionalSignWith signInlineWith(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull PGPSecretKeyRing signingKey, String userId, DocumentSignatureType signatureType) throws KeyValidationException, PGPException;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a detached signature using the provided secret key.
|
|
|
|
*
|
|
|
|
* @param secretKeyDecryptor for unlocking the secret key
|
|
|
|
* @param signingKey signing key
|
|
|
|
* @return api handle
|
|
|
|
*/
|
|
|
|
default AdditionalSignWith signDetachedWith(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull PGPSecretKeyRing signingKey) throws PGPException, KeyValidationException {
|
|
|
|
return signDetachedWith(secretKeyDecryptor, signingKey, null);
|
|
|
|
}
|
2020-12-16 16:33:14 +01:00
|
|
|
|
2021-05-06 00:04:03 +02:00
|
|
|
/**
|
|
|
|
* Create a detached signature using the provided secret key with the algorithm preferences of the provided user-id.
|
|
|
|
*
|
|
|
|
* @param secretKeyDecryptor for unlocking the secret key
|
|
|
|
* @param signingKey signing key
|
|
|
|
* @param userId user-id whose preferences shall be used for signing
|
|
|
|
* @return api handle
|
|
|
|
*/
|
|
|
|
default AdditionalSignWith signDetachedWith(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull PGPSecretKeyRing signingKey, String userId) throws PGPException, KeyValidationException {
|
|
|
|
return signDetachedWith(secretKeyDecryptor, signingKey, userId, DocumentSignatureType.BINARY_DOCUMENT);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a detached signature using the provided secret key with the algorithm preferences of the provided user-id.
|
|
|
|
*
|
|
|
|
* @param secretKeyDecryptor for unlocking the secret key
|
|
|
|
* @param signingKey signing key
|
|
|
|
* @param userId user-id whose preferences shall be used for signing
|
|
|
|
* @param signatureType type of the signature
|
|
|
|
* @return api handle
|
|
|
|
*/
|
|
|
|
AdditionalSignWith signDetachedWith(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull PGPSecretKeyRing signingKey, String userId, DocumentSignatureType signatureType) throws PGPException, KeyValidationException;
|
|
|
|
}
|
2020-12-16 16:33:14 +01:00
|
|
|
|
2021-05-06 00:04:03 +02:00
|
|
|
interface AdditionalSignWith extends Armor {
|
|
|
|
/**
|
|
|
|
* Add an additional signing key/method.
|
|
|
|
*
|
|
|
|
* @return api handle
|
|
|
|
*/
|
|
|
|
SignWith and();
|
2020-12-16 16:33:14 +01:00
|
|
|
}
|
|
|
|
|
2018-06-04 19:45:18 +02:00
|
|
|
interface Armor {
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Wrap the encrypted/signed output in an ASCII armor.
|
|
|
|
* This can come in handy for sending the encrypted message via eg. email.
|
|
|
|
*
|
|
|
|
* @return encryption stream
|
|
|
|
* @throws IOException in case some I/O error occurs
|
|
|
|
* @throws PGPException in case of some malformed pgp data
|
|
|
|
*/
|
2018-06-27 15:09:39 +02:00
|
|
|
EncryptionStream asciiArmor() throws IOException, PGPException;
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Do not wrap the output in an ASCII armor.
|
|
|
|
*
|
|
|
|
* @return encryption stream
|
|
|
|
* @throws IOException in case some I/O error occurs
|
|
|
|
* @throws PGPException in case of some malformed pgp data
|
|
|
|
*/
|
2018-06-27 15:09:39 +02:00
|
|
|
EncryptionStream noArmor() throws IOException, PGPException;
|
2018-06-04 19:45:18 +02:00
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|