pgpainless/pgpainless-core/src/main/java/org/pgpainless/key/protection/UnlockSecretKey.java

// Copyright 2021 Paul Schaub.
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0

package org.pgpainless.key.protection;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.pgpainless.exception.KeyIntegrityException;
import org.pgpainless.exception.WrongPassphraseException;
import org.pgpainless.key.info.KeyInfo;
import org.pgpainless.key.util.PublicKeyParameterValidationUtil;
import org.pgpainless.util.Passphrase;

public final class UnlockSecretKey {

    private UnlockSecretKey() {

    }

    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, SecretKeyRingProtector protector)
            throws WrongPassphraseException, KeyIntegrityException {
        try {
            PBESecretKeyDecryptor decryptor = null;
            if (KeyInfo.isEncrypted(secretKey)) {
                decryptor = protector.getDecryptor(secretKey.getKeyID());
            }
            PGPPrivateKey privateKey = secretKey.extractPrivateKey(decryptor);

            if (secretKey.getPublicKey() != null) {
                PublicKeyParameterValidationUtil.verifyPublicKeyParameterIntegrity(privateKey, secretKey.getPublicKey());
            }
            return privateKey;
        } catch (KeyIntegrityException e) {
            throw e;
        } catch (PGPException e) {
            throw new WrongPassphraseException(secretKey.getKeyID(), e);
        }
    }

    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, PBESecretKeyDecryptor decryptor) throws WrongPassphraseException {
        try {
            return secretKey.extractPrivateKey(decryptor);
        } catch (PGPException e) {
            throw new WrongPassphraseException(secretKey.getKeyID(), e);
        }
    }

    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, Passphrase passphrase) throws WrongPassphraseException, KeyIntegrityException {
        return unlockSecretKey(secretKey, SecretKeyRingProtector.unlockSingleKeyWith(passphrase, secretKey));
    }
}
Reuse compliance 2021-10-07 15:48:52 +02:00			`// Copyright 2021 Paul Schaub.`
			`// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>`
			`//`
			`// SPDX-License-Identifier: Apache-2.0`

Throw WrongPassphraseException when wrong passphrase is provided to unlock secret key 2021-05-14 13:18:34 +02:00			`package org.pgpainless.key.protection;`

			`import org.bouncycastle.openpgp.PGPException;`
			`import org.bouncycastle.openpgp.PGPPrivateKey;`
			`import org.bouncycastle.openpgp.PGPSecretKey;`
			`import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;`
WiP implementation of public key parameter validation 2021-11-24 18:46:29 +01:00			`import org.pgpainless.exception.KeyIntegrityException;`
Throw WrongPassphraseException when wrong passphrase is provided to unlock secret key 2021-05-14 13:18:34 +02:00			`import org.pgpainless.exception.WrongPassphraseException;`
UnlockSecretKey: Do not try to get decryptor for unencrypted keys 2021-05-31 15:38:47 +02:00			`import org.pgpainless.key.info.KeyInfo;`
WiP implementation of public key parameter validation 2021-11-24 18:46:29 +01:00			`import org.pgpainless.key.util.PublicKeyParameterValidationUtil;`
Throw WrongPassphraseException when wrong passphrase is provided to unlock secret key 2021-05-14 13:18:34 +02:00			`import org.pgpainless.util.Passphrase;`

Make classes final where sensible 2021-08-15 15:24:19 +02:00			`public final class UnlockSecretKey {`

			`private UnlockSecretKey() {`

			`}`
Throw WrongPassphraseException when wrong passphrase is provided to unlock secret key 2021-05-14 13:18:34 +02:00
			`public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, SecretKeyRingProtector protector)`
WiP implementation of public key parameter validation 2021-11-24 18:46:29 +01:00			`throws WrongPassphraseException, KeyIntegrityException {`
Throw WrongPassphraseException when wrong passphrase is provided to unlock secret key 2021-05-14 13:18:34 +02:00			`try {`
UnlockSecretKey: Do not try to get decryptor for unencrypted keys 2021-05-31 15:38:47 +02:00			`PBESecretKeyDecryptor decryptor = null;`
			`if (KeyInfo.isEncrypted(secretKey)) {`
			`decryptor = protector.getDecryptor(secretKey.getKeyID());`
			`}`
WiP implementation of public key parameter validation 2021-11-24 18:46:29 +01:00			`PGPPrivateKey privateKey = secretKey.extractPrivateKey(decryptor);`

			`if (secretKey.getPublicKey() != null) {`
			`PublicKeyParameterValidationUtil.verifyPublicKeyParameterIntegrity(privateKey, secretKey.getPublicKey());`
			`}`
			`return privateKey;`
			`} catch (KeyIntegrityException e) {`
			`throw e;`
Throw WrongPassphraseException when wrong passphrase is provided to unlock secret key 2021-05-14 13:18:34 +02:00			`} catch (PGPException e) {`
			`throw new WrongPassphraseException(secretKey.getKeyID(), e);`
			`}`
			`}`

			`public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, PBESecretKeyDecryptor decryptor) throws WrongPassphraseException {`
			`try {`
			`return secretKey.extractPrivateKey(decryptor);`
			`} catch (PGPException e) {`
			`throw new WrongPassphraseException(secretKey.getKeyID(), e);`
			`}`
			`}`

WiP implementation of public key parameter validation 2021-11-24 18:46:29 +01:00			`public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, Passphrase passphrase) throws WrongPassphraseException, KeyIntegrityException {`
Throw WrongPassphraseException when wrong passphrase is provided to unlock secret key 2021-05-14 13:18:34 +02:00			`return unlockSecretKey(secretKey, SecretKeyRingProtector.unlockSingleKeyWith(passphrase, secretKey));`
			`}`
			`}`