mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-25 22:02:05 +01:00
SOP: Unify key/certificate reading code
This commit is contained in:
parent
1c127933bd
commit
e15dd70b85
7 changed files with 93 additions and 92 deletions
|
@ -52,22 +52,9 @@ public class DecryptImpl implements Decrypt {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public DecryptImpl verifyWithCert(InputStream certIn) throws SOPGPException.BadData, IOException {
|
public DecryptImpl verifyWithCert(InputStream certIn) throws SOPGPException.BadData, IOException {
|
||||||
try {
|
PGPPublicKeyRingCollection certs = KeyReader.readPublicKeys(certIn, true);
|
||||||
PGPPublicKeyRingCollection certs = PGPainless.readKeyRing().keyRingCollection(certIn, false)
|
if (certs != null) {
|
||||||
.getPgpPublicKeyRingCollection();
|
|
||||||
if (certs.size() == 0) {
|
|
||||||
throw new SOPGPException.BadData(new PGPException("No certificates provided."));
|
|
||||||
}
|
|
||||||
|
|
||||||
consumerOptions.addVerificationCerts(certs);
|
consumerOptions.addVerificationCerts(certs);
|
||||||
|
|
||||||
} catch (IOException e) {
|
|
||||||
if (e.getMessage() != null && e.getMessage().startsWith("unknown object in stream:")) {
|
|
||||||
throw new SOPGPException.BadData(e);
|
|
||||||
}
|
|
||||||
throw e;
|
|
||||||
} catch (PGPException e) {
|
|
||||||
throw new SOPGPException.BadData(e);
|
|
||||||
}
|
}
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
@ -102,23 +89,11 @@ public class DecryptImpl implements Decrypt {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public DecryptImpl withKey(InputStream keyIn) throws SOPGPException.BadData, IOException, SOPGPException.UnsupportedAsymmetricAlgo {
|
public DecryptImpl withKey(InputStream keyIn) throws SOPGPException.BadData, IOException, SOPGPException.UnsupportedAsymmetricAlgo {
|
||||||
try {
|
PGPSecretKeyRingCollection secretKeyCollection = KeyReader.readSecretKeys(keyIn, true);
|
||||||
PGPSecretKeyRingCollection secretKeyCollection = PGPainless.readKeyRing()
|
|
||||||
.secretKeyRingCollection(keyIn);
|
for (PGPSecretKeyRing key : secretKeyCollection) {
|
||||||
if (secretKeyCollection.size() == 0) {
|
protector.addSecretKey(key);
|
||||||
throw new SOPGPException.BadData("No key data found.");
|
consumerOptions.addDecryptionKey(key, protector);
|
||||||
}
|
|
||||||
for (PGPSecretKeyRing key : secretKeyCollection) {
|
|
||||||
protector.addSecretKey(key);
|
|
||||||
consumerOptions.addDecryptionKey(key, protector);
|
|
||||||
}
|
|
||||||
} catch (IOException e) {
|
|
||||||
if (e.getMessage() != null && e.getMessage().startsWith("unknown object in stream:")) {
|
|
||||||
throw new SOPGPException.BadData(e);
|
|
||||||
}
|
|
||||||
throw e;
|
|
||||||
} catch (PGPException e) {
|
|
||||||
throw new SOPGPException.BadData(e);
|
|
||||||
}
|
}
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,13 +39,8 @@ public class DetachedVerifyImpl implements DetachedVerify {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public DetachedVerify cert(InputStream cert) throws SOPGPException.BadData {
|
public DetachedVerify cert(InputStream cert) throws SOPGPException.BadData, IOException {
|
||||||
PGPPublicKeyRingCollection certificates;
|
PGPPublicKeyRingCollection certificates = KeyReader.readPublicKeys(cert, true);
|
||||||
try {
|
|
||||||
certificates = PGPainless.readKeyRing().publicKeyRingCollection(cert);
|
|
||||||
} catch (IOException | PGPException e) {
|
|
||||||
throw new SOPGPException.BadData(e);
|
|
||||||
}
|
|
||||||
options.addVerificationCerts(certificates);
|
options.addVerificationCerts(certificates);
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,28 +58,23 @@ public class EncryptImpl implements Encrypt {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Encrypt signWith(InputStream keyIn)
|
public Encrypt signWith(InputStream keyIn)
|
||||||
throws SOPGPException.KeyCannotSign, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.BadData {
|
throws SOPGPException.KeyCannotSign, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.BadData, IOException {
|
||||||
if (signingOptions == null) {
|
if (signingOptions == null) {
|
||||||
signingOptions = SigningOptions.get();
|
signingOptions = SigningOptions.get();
|
||||||
}
|
}
|
||||||
|
PGPSecretKeyRingCollection keys = KeyReader.readSecretKeys(keyIn, true);
|
||||||
try {
|
if (keys.size() != 1) {
|
||||||
PGPSecretKeyRingCollection keys = PGPainless.readKeyRing().secretKeyRingCollection(keyIn);
|
throw new SOPGPException.BadData(new AssertionError("Exactly one secret key at a time expected. Got " + keys.size()));
|
||||||
if (keys.size() != 1) {
|
|
||||||
throw new SOPGPException.BadData(new AssertionError("Exactly one secret key at a time expected. Got " + keys.size()));
|
|
||||||
}
|
|
||||||
PGPSecretKeyRing signingKey = keys.iterator().next();
|
|
||||||
|
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(signingKey);
|
|
||||||
if (info.getSigningSubkeys().isEmpty()) {
|
|
||||||
throw new SOPGPException.KeyCannotSign("Key " + OpenPgpFingerprint.of(signingKey) + " cannot sign.");
|
|
||||||
}
|
|
||||||
|
|
||||||
protector.addSecretKey(signingKey);
|
|
||||||
signingKeys.add(signingKey);
|
|
||||||
} catch (IOException | PGPException e) {
|
|
||||||
throw new SOPGPException.BadData(e);
|
|
||||||
}
|
}
|
||||||
|
PGPSecretKeyRing signingKey = keys.iterator().next();
|
||||||
|
|
||||||
|
KeyRingInfo info = PGPainless.inspectKeyRing(signingKey);
|
||||||
|
if (info.getSigningSubkeys().isEmpty()) {
|
||||||
|
throw new SOPGPException.KeyCannotSign("Key " + OpenPgpFingerprint.of(signingKey) + " cannot sign.");
|
||||||
|
}
|
||||||
|
|
||||||
|
protector.addSecretKey(signingKey);
|
||||||
|
signingKeys.add(signingKey);
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,6 @@ import java.io.OutputStream;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
||||||
|
@ -32,21 +31,7 @@ public class ExtractCertImpl implements ExtractCert {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Ready key(InputStream keyInputStream) throws IOException, SOPGPException.BadData {
|
public Ready key(InputStream keyInputStream) throws IOException, SOPGPException.BadData {
|
||||||
PGPSecretKeyRingCollection keys;
|
PGPSecretKeyRingCollection keys = KeyReader.readSecretKeys(keyInputStream, true);
|
||||||
try {
|
|
||||||
keys = PGPainless.readKeyRing().secretKeyRingCollection(keyInputStream);
|
|
||||||
} catch (IOException e) {
|
|
||||||
if (e.getMessage() != null && e.getMessage().startsWith("unknown object in stream:")) {
|
|
||||||
throw new SOPGPException.BadData(e);
|
|
||||||
}
|
|
||||||
throw e;
|
|
||||||
} catch (PGPException e) {
|
|
||||||
throw new IOException("Cannot read keys.", e);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (keys == null || keys.size() == 0) {
|
|
||||||
throw new SOPGPException.BadData(new PGPException("No key data found."));
|
|
||||||
}
|
|
||||||
|
|
||||||
List<PGPPublicKeyRing> certs = new ArrayList<>();
|
List<PGPPublicKeyRing> certs = new ArrayList<>();
|
||||||
for (PGPSecretKeyRing key : keys) {
|
for (PGPSecretKeyRing key : keys) {
|
||||||
|
|
|
@ -51,19 +51,14 @@ public class InlineSignImpl implements InlineSign {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public InlineSign key(InputStream keyIn) throws SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException {
|
public InlineSign key(InputStream keyIn) throws SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException {
|
||||||
try {
|
PGPSecretKeyRingCollection keys = KeyReader.readSecretKeys(keyIn, true);
|
||||||
PGPSecretKeyRingCollection keys = PGPainless.readKeyRing().secretKeyRingCollection(keyIn);
|
for (PGPSecretKeyRing key : keys) {
|
||||||
|
KeyRingInfo info = PGPainless.inspectKeyRing(key);
|
||||||
for (PGPSecretKeyRing key : keys) {
|
if (!info.isUsableForSigning()) {
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(key);
|
throw new SOPGPException.KeyCannotSign("Key " + info.getFingerprint() + " does not have valid, signing capable subkeys.");
|
||||||
if (!info.isUsableForSigning()) {
|
|
||||||
throw new SOPGPException.KeyCannotSign("Key " + info.getFingerprint() + " does not have valid, signing capable subkeys.");
|
|
||||||
}
|
|
||||||
protector.addSecretKey(key);
|
|
||||||
signingKeys.add(key);
|
|
||||||
}
|
}
|
||||||
} catch (PGPException | KeyException e) {
|
protector.addSecretKey(key);
|
||||||
throw new SOPGPException.BadData(e);
|
signingKeys.add(key);
|
||||||
}
|
}
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,13 +42,8 @@ public class InlineVerifyImpl implements InlineVerify {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public InlineVerify cert(InputStream cert) throws SOPGPException.BadData {
|
public InlineVerify cert(InputStream cert) throws SOPGPException.BadData, IOException {
|
||||||
PGPPublicKeyRingCollection certificates;
|
PGPPublicKeyRingCollection certificates = KeyReader.readPublicKeys(cert, true);
|
||||||
try {
|
|
||||||
certificates = PGPainless.readKeyRing().publicKeyRingCollection(cert);
|
|
||||||
} catch (IOException | PGPException e) {
|
|
||||||
throw new SOPGPException.BadData(e);
|
|
||||||
}
|
|
||||||
options.addVerificationCerts(certificates);
|
options.addVerificationCerts(certificates);
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,61 @@
|
||||||
|
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package org.pgpainless.sop;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||||
|
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
||||||
|
import org.pgpainless.PGPainless;
|
||||||
|
import sop.exception.SOPGPException;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
|
||||||
|
class KeyReader {
|
||||||
|
|
||||||
|
static PGPSecretKeyRingCollection readSecretKeys(InputStream keyInputStream, boolean requireContent)
|
||||||
|
throws IOException, SOPGPException.BadData {
|
||||||
|
PGPSecretKeyRingCollection keys;
|
||||||
|
try {
|
||||||
|
keys = PGPainless.readKeyRing().secretKeyRingCollection(keyInputStream);
|
||||||
|
} catch (IOException e) {
|
||||||
|
String message = e.getMessage();
|
||||||
|
if (message == null) {
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
if (message.startsWith("unknown object in stream:") ||
|
||||||
|
message.startsWith("invalid header encountered")) {
|
||||||
|
throw new SOPGPException.BadData(e);
|
||||||
|
}
|
||||||
|
throw e;
|
||||||
|
} catch (PGPException e) {
|
||||||
|
throw new IOException("Cannot read keys.", e);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (requireContent && (keys == null || keys.size() == 0)) {
|
||||||
|
throw new SOPGPException.BadData(new PGPException("No key data found."));
|
||||||
|
}
|
||||||
|
|
||||||
|
return keys;
|
||||||
|
}
|
||||||
|
|
||||||
|
static PGPPublicKeyRingCollection readPublicKeys(InputStream certIn, boolean requireContent) throws IOException {
|
||||||
|
PGPPublicKeyRingCollection certs;
|
||||||
|
try {
|
||||||
|
certs = PGPainless.readKeyRing().publicKeyRingCollection(certIn);
|
||||||
|
} catch (IOException e) {
|
||||||
|
if (e.getMessage() != null && e.getMessage().startsWith("unknown object in stream:")) {
|
||||||
|
throw new SOPGPException.BadData(e);
|
||||||
|
}
|
||||||
|
throw e;
|
||||||
|
} catch (PGPException e) {
|
||||||
|
throw new SOPGPException.BadData(e);
|
||||||
|
}
|
||||||
|
if (requireContent && (certs == null || certs.size() == 0)) {
|
||||||
|
throw new SOPGPException.BadData(new PGPException("No cert data found."));
|
||||||
|
}
|
||||||
|
return certs;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue