2021-10-07 15:48:52 +02:00
|
|
|
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
|
|
|
//
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
2021-07-15 16:55:13 +02:00
|
|
|
package org.pgpainless.sop;
|
|
|
|
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.io.OutputStream;
|
|
|
|
import java.security.InvalidAlgorithmParameterException;
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
2023-04-14 14:31:48 +02:00
|
|
|
import java.util.Arrays;
|
2021-07-15 16:55:13 +02:00
|
|
|
import java.util.Iterator;
|
|
|
|
import java.util.LinkedHashSet;
|
2023-04-14 14:31:48 +02:00
|
|
|
import java.util.List;
|
2021-07-15 16:55:13 +02:00
|
|
|
import java.util.Set;
|
|
|
|
|
|
|
|
import org.bouncycastle.bcpg.ArmoredOutputStream;
|
|
|
|
import org.bouncycastle.openpgp.PGPException;
|
|
|
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
|
|
import org.pgpainless.PGPainless;
|
2023-04-14 14:31:48 +02:00
|
|
|
import org.pgpainless.key.generation.type.rsa.RsaLength;
|
2021-07-15 16:55:13 +02:00
|
|
|
import org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface;
|
|
|
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
|
|
|
import org.pgpainless.util.ArmorUtils;
|
2022-06-07 08:55:10 +02:00
|
|
|
import org.pgpainless.util.Passphrase;
|
2023-04-14 14:31:48 +02:00
|
|
|
import sop.Profile;
|
2021-07-15 16:55:13 +02:00
|
|
|
import sop.Ready;
|
|
|
|
import sop.exception.SOPGPException;
|
|
|
|
import sop.operation.GenerateKey;
|
|
|
|
|
2023-01-16 19:38:52 +01:00
|
|
|
/**
|
|
|
|
* Implementation of the <pre>generate-key</pre> operation using PGPainless.
|
|
|
|
*/
|
2021-07-15 16:55:13 +02:00
|
|
|
public class GenerateKeyImpl implements GenerateKey {
|
|
|
|
|
2023-04-14 14:31:48 +02:00
|
|
|
public static final Profile DEFAULT_PROFILE = new Profile("default", "Generate keys based on XDH and EdDSA");
|
|
|
|
public static final Profile RSA3072_PROFILE = new Profile("rfc4880-rsa3072@pgpainless.org", "Generate 3072-bit RSA keys");
|
|
|
|
public static final Profile RSA4096_PROFILE = new Profile("rfc4880-rsa4096@pgpainless.org", "Generate 4096-bit RSA keys");
|
|
|
|
|
|
|
|
public static final List<Profile> SUPPORTED_PROFILES = Arrays.asList(DEFAULT_PROFILE, RSA3072_PROFILE, RSA4096_PROFILE);
|
|
|
|
|
2021-07-15 16:55:13 +02:00
|
|
|
private boolean armor = true;
|
|
|
|
private final Set<String> userIds = new LinkedHashSet<>();
|
2022-12-13 17:02:53 +01:00
|
|
|
private Passphrase passphrase = Passphrase.emptyPassphrase();
|
2023-04-14 14:31:48 +02:00
|
|
|
private String profile = DEFAULT_PROFILE.getName();
|
2021-07-15 16:55:13 +02:00
|
|
|
|
|
|
|
@Override
|
|
|
|
public GenerateKey noArmor() {
|
|
|
|
this.armor = false;
|
|
|
|
return this;
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
|
|
public GenerateKey userId(String userId) {
|
|
|
|
this.userIds.add(userId);
|
|
|
|
return this;
|
|
|
|
}
|
|
|
|
|
2022-06-07 08:55:10 +02:00
|
|
|
@Override
|
|
|
|
public GenerateKey withKeyPassword(String password) {
|
|
|
|
this.passphrase = Passphrase.fromPassword(password);
|
|
|
|
return this;
|
|
|
|
}
|
|
|
|
|
2023-04-14 14:31:48 +02:00
|
|
|
@Override
|
|
|
|
public GenerateKey profile(String profileName) {
|
|
|
|
for (Profile profile : SUPPORTED_PROFILES) {
|
|
|
|
if (profile.getName().equals(profileName)) {
|
|
|
|
this.profile = profileName;
|
|
|
|
return this;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
throw new SOPGPException.UnsupportedProfile("generate-key", profileName);
|
|
|
|
}
|
|
|
|
|
2021-07-15 16:55:13 +02:00
|
|
|
@Override
|
2021-12-28 13:32:50 +01:00
|
|
|
public Ready generate() throws SOPGPException.MissingArg, SOPGPException.UnsupportedAsymmetricAlgo {
|
2021-07-15 16:55:13 +02:00
|
|
|
Iterator<String> userIdIterator = userIds.iterator();
|
2022-12-15 12:25:35 +01:00
|
|
|
Passphrase passphraseCopy = new Passphrase(passphrase.getChars()); // generateKeyRing clears the original passphrase
|
2021-07-15 16:55:13 +02:00
|
|
|
PGPSecretKeyRing key;
|
|
|
|
try {
|
2022-12-13 17:02:53 +01:00
|
|
|
String primaryUserId = userIdIterator.hasNext() ? userIdIterator.next() : null;
|
2023-04-14 14:31:48 +02:00
|
|
|
key = generateKeyWithProfile(profile, primaryUserId, passphrase);
|
2021-07-15 16:55:13 +02:00
|
|
|
|
|
|
|
if (userIdIterator.hasNext()) {
|
|
|
|
SecretKeyRingEditorInterface editor = PGPainless.modifyKeyRing(key);
|
|
|
|
|
|
|
|
while (userIdIterator.hasNext()) {
|
2022-12-15 12:25:35 +01:00
|
|
|
editor.addUserId(userIdIterator.next(), SecretKeyRingProtector.unlockAnyKeyWith(passphraseCopy));
|
2021-07-15 16:55:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
key = editor.done();
|
|
|
|
}
|
|
|
|
|
|
|
|
PGPSecretKeyRing finalKey = key;
|
|
|
|
return new Ready() {
|
|
|
|
@Override
|
|
|
|
public void writeTo(OutputStream outputStream) throws IOException {
|
|
|
|
if (armor) {
|
|
|
|
ArmoredOutputStream armoredOutputStream = ArmorUtils.toAsciiArmoredStream(finalKey, outputStream);
|
|
|
|
finalKey.encode(armoredOutputStream);
|
|
|
|
armoredOutputStream.close();
|
|
|
|
} else {
|
|
|
|
finalKey.encode(outputStream);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|
|
|
|
} catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
|
2021-07-19 18:20:52 +02:00
|
|
|
throw new SOPGPException.UnsupportedAsymmetricAlgo("Unsupported asymmetric algorithm.", e);
|
2021-07-15 16:55:13 +02:00
|
|
|
} catch (PGPException e) {
|
|
|
|
throw new RuntimeException(e);
|
|
|
|
}
|
|
|
|
}
|
2023-04-14 14:31:48 +02:00
|
|
|
|
|
|
|
private PGPSecretKeyRing generateKeyWithProfile(String profile, String primaryUserId, Passphrase passphrase)
|
|
|
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
|
|
|
PGPSecretKeyRing key;
|
|
|
|
// XDH + EdDSA
|
|
|
|
if (profile.equals(DEFAULT_PROFILE.getName())) {
|
|
|
|
key = PGPainless.generateKeyRing()
|
|
|
|
.modernKeyRing(primaryUserId, passphrase);
|
|
|
|
}
|
|
|
|
else if (profile.equals(RSA3072_PROFILE.getName())) {
|
|
|
|
key = PGPainless.generateKeyRing()
|
|
|
|
.simpleRsaKeyRing(primaryUserId, RsaLength._3072, passphrase);
|
|
|
|
}
|
|
|
|
else if (profile.equals(RSA4096_PROFILE.getName())) {
|
|
|
|
key = PGPainless.generateKeyRing()
|
|
|
|
.simpleRsaKeyRing(primaryUserId, RsaLength._4096, passphrase);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
throw new SOPGPException.UnsupportedProfile("generate-key", profile);
|
|
|
|
}
|
|
|
|
return key;
|
|
|
|
}
|
2021-07-15 16:55:13 +02:00
|
|
|
}
|