1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-25 22:02:05 +01:00

SOP: Unify key/certificate reading code

This commit is contained in:
Paul Schaub 2022-11-09 22:01:20 +01:00
parent 1c127933bd
commit e15dd70b85
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
7 changed files with 93 additions and 92 deletions

View file

@ -52,22 +52,9 @@ public class DecryptImpl implements Decrypt {
@Override @Override
public DecryptImpl verifyWithCert(InputStream certIn) throws SOPGPException.BadData, IOException { public DecryptImpl verifyWithCert(InputStream certIn) throws SOPGPException.BadData, IOException {
try { PGPPublicKeyRingCollection certs = KeyReader.readPublicKeys(certIn, true);
PGPPublicKeyRingCollection certs = PGPainless.readKeyRing().keyRingCollection(certIn, false) if (certs != null) {
.getPgpPublicKeyRingCollection();
if (certs.size() == 0) {
throw new SOPGPException.BadData(new PGPException("No certificates provided."));
}
consumerOptions.addVerificationCerts(certs); consumerOptions.addVerificationCerts(certs);
} catch (IOException e) {
if (e.getMessage() != null && e.getMessage().startsWith("unknown object in stream:")) {
throw new SOPGPException.BadData(e);
}
throw e;
} catch (PGPException e) {
throw new SOPGPException.BadData(e);
} }
return this; return this;
} }
@ -102,23 +89,11 @@ public class DecryptImpl implements Decrypt {
@Override @Override
public DecryptImpl withKey(InputStream keyIn) throws SOPGPException.BadData, IOException, SOPGPException.UnsupportedAsymmetricAlgo { public DecryptImpl withKey(InputStream keyIn) throws SOPGPException.BadData, IOException, SOPGPException.UnsupportedAsymmetricAlgo {
try { PGPSecretKeyRingCollection secretKeyCollection = KeyReader.readSecretKeys(keyIn, true);
PGPSecretKeyRingCollection secretKeyCollection = PGPainless.readKeyRing()
.secretKeyRingCollection(keyIn); for (PGPSecretKeyRing key : secretKeyCollection) {
if (secretKeyCollection.size() == 0) { protector.addSecretKey(key);
throw new SOPGPException.BadData("No key data found."); consumerOptions.addDecryptionKey(key, protector);
}
for (PGPSecretKeyRing key : secretKeyCollection) {
protector.addSecretKey(key);
consumerOptions.addDecryptionKey(key, protector);
}
} catch (IOException e) {
if (e.getMessage() != null && e.getMessage().startsWith("unknown object in stream:")) {
throw new SOPGPException.BadData(e);
}
throw e;
} catch (PGPException e) {
throw new SOPGPException.BadData(e);
} }
return this; return this;
} }

View file

@ -39,13 +39,8 @@ public class DetachedVerifyImpl implements DetachedVerify {
} }
@Override @Override
public DetachedVerify cert(InputStream cert) throws SOPGPException.BadData { public DetachedVerify cert(InputStream cert) throws SOPGPException.BadData, IOException {
PGPPublicKeyRingCollection certificates; PGPPublicKeyRingCollection certificates = KeyReader.readPublicKeys(cert, true);
try {
certificates = PGPainless.readKeyRing().publicKeyRingCollection(cert);
} catch (IOException | PGPException e) {
throw new SOPGPException.BadData(e);
}
options.addVerificationCerts(certificates); options.addVerificationCerts(certificates);
return this; return this;
} }

View file

@ -58,28 +58,23 @@ public class EncryptImpl implements Encrypt {
@Override @Override
public Encrypt signWith(InputStream keyIn) public Encrypt signWith(InputStream keyIn)
throws SOPGPException.KeyCannotSign, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.BadData { throws SOPGPException.KeyCannotSign, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.BadData, IOException {
if (signingOptions == null) { if (signingOptions == null) {
signingOptions = SigningOptions.get(); signingOptions = SigningOptions.get();
} }
PGPSecretKeyRingCollection keys = KeyReader.readSecretKeys(keyIn, true);
try { if (keys.size() != 1) {
PGPSecretKeyRingCollection keys = PGPainless.readKeyRing().secretKeyRingCollection(keyIn); throw new SOPGPException.BadData(new AssertionError("Exactly one secret key at a time expected. Got " + keys.size()));
if (keys.size() != 1) {
throw new SOPGPException.BadData(new AssertionError("Exactly one secret key at a time expected. Got " + keys.size()));
}
PGPSecretKeyRing signingKey = keys.iterator().next();
KeyRingInfo info = PGPainless.inspectKeyRing(signingKey);
if (info.getSigningSubkeys().isEmpty()) {
throw new SOPGPException.KeyCannotSign("Key " + OpenPgpFingerprint.of(signingKey) + " cannot sign.");
}
protector.addSecretKey(signingKey);
signingKeys.add(signingKey);
} catch (IOException | PGPException e) {
throw new SOPGPException.BadData(e);
} }
PGPSecretKeyRing signingKey = keys.iterator().next();
KeyRingInfo info = PGPainless.inspectKeyRing(signingKey);
if (info.getSigningSubkeys().isEmpty()) {
throw new SOPGPException.KeyCannotSign("Key " + OpenPgpFingerprint.of(signingKey) + " cannot sign.");
}
protector.addSecretKey(signingKey);
signingKeys.add(signingKey);
return this; return this;
} }

View file

@ -10,7 +10,6 @@ import java.io.OutputStream;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
@ -32,21 +31,7 @@ public class ExtractCertImpl implements ExtractCert {
@Override @Override
public Ready key(InputStream keyInputStream) throws IOException, SOPGPException.BadData { public Ready key(InputStream keyInputStream) throws IOException, SOPGPException.BadData {
PGPSecretKeyRingCollection keys; PGPSecretKeyRingCollection keys = KeyReader.readSecretKeys(keyInputStream, true);
try {
keys = PGPainless.readKeyRing().secretKeyRingCollection(keyInputStream);
} catch (IOException e) {
if (e.getMessage() != null && e.getMessage().startsWith("unknown object in stream:")) {
throw new SOPGPException.BadData(e);
}
throw e;
} catch (PGPException e) {
throw new IOException("Cannot read keys.", e);
}
if (keys == null || keys.size() == 0) {
throw new SOPGPException.BadData(new PGPException("No key data found."));
}
List<PGPPublicKeyRing> certs = new ArrayList<>(); List<PGPPublicKeyRing> certs = new ArrayList<>();
for (PGPSecretKeyRing key : keys) { for (PGPSecretKeyRing key : keys) {

View file

@ -51,19 +51,14 @@ public class InlineSignImpl implements InlineSign {
@Override @Override
public InlineSign key(InputStream keyIn) throws SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException { public InlineSign key(InputStream keyIn) throws SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException {
try { PGPSecretKeyRingCollection keys = KeyReader.readSecretKeys(keyIn, true);
PGPSecretKeyRingCollection keys = PGPainless.readKeyRing().secretKeyRingCollection(keyIn); for (PGPSecretKeyRing key : keys) {
KeyRingInfo info = PGPainless.inspectKeyRing(key);
for (PGPSecretKeyRing key : keys) { if (!info.isUsableForSigning()) {
KeyRingInfo info = PGPainless.inspectKeyRing(key); throw new SOPGPException.KeyCannotSign("Key " + info.getFingerprint() + " does not have valid, signing capable subkeys.");
if (!info.isUsableForSigning()) {
throw new SOPGPException.KeyCannotSign("Key " + info.getFingerprint() + " does not have valid, signing capable subkeys.");
}
protector.addSecretKey(key);
signingKeys.add(key);
} }
} catch (PGPException | KeyException e) { protector.addSecretKey(key);
throw new SOPGPException.BadData(e); signingKeys.add(key);
} }
return this; return this;
} }

View file

@ -42,13 +42,8 @@ public class InlineVerifyImpl implements InlineVerify {
} }
@Override @Override
public InlineVerify cert(InputStream cert) throws SOPGPException.BadData { public InlineVerify cert(InputStream cert) throws SOPGPException.BadData, IOException {
PGPPublicKeyRingCollection certificates; PGPPublicKeyRingCollection certificates = KeyReader.readPublicKeys(cert, true);
try {
certificates = PGPainless.readKeyRing().publicKeyRingCollection(cert);
} catch (IOException | PGPException e) {
throw new SOPGPException.BadData(e);
}
options.addVerificationCerts(certificates); options.addVerificationCerts(certificates);
return this; return this;
} }

View file

@ -0,0 +1,61 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.sop;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.pgpainless.PGPainless;
import sop.exception.SOPGPException;
import java.io.IOException;
import java.io.InputStream;
class KeyReader {
static PGPSecretKeyRingCollection readSecretKeys(InputStream keyInputStream, boolean requireContent)
throws IOException, SOPGPException.BadData {
PGPSecretKeyRingCollection keys;
try {
keys = PGPainless.readKeyRing().secretKeyRingCollection(keyInputStream);
} catch (IOException e) {
String message = e.getMessage();
if (message == null) {
throw e;
}
if (message.startsWith("unknown object in stream:") ||
message.startsWith("invalid header encountered")) {
throw new SOPGPException.BadData(e);
}
throw e;
} catch (PGPException e) {
throw new IOException("Cannot read keys.", e);
}
if (requireContent && (keys == null || keys.size() == 0)) {
throw new SOPGPException.BadData(new PGPException("No key data found."));
}
return keys;
}
static PGPPublicKeyRingCollection readPublicKeys(InputStream certIn, boolean requireContent) throws IOException {
PGPPublicKeyRingCollection certs;
try {
certs = PGPainless.readKeyRing().publicKeyRingCollection(certIn);
} catch (IOException e) {
if (e.getMessage() != null && e.getMessage().startsWith("unknown object in stream:")) {
throw new SOPGPException.BadData(e);
}
throw e;
} catch (PGPException e) {
throw new SOPGPException.BadData(e);
}
if (requireContent && (certs == null || certs.size() == 0)) {
throw new SOPGPException.BadData(new PGPException("No cert data found."));
}
return certs;
}
}