/*
 * Copyright 2020 Paul Schaub.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.pgpainless.key.modification.secretkeyring;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.protection.KeyRingProtectionSettings;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.util.RevocationAttributes;
import org.pgpainless.key.util.UserId;
import org.pgpainless.util.Passphrase;
/**
 * Chainable editing API for an OpenPGP secret key ring.
 *
 * <p>The methods cover user-id management, subkey management, subkey revocation, creation of
 * detached revocation certificates and passphrase changes. Most editing methods return the editor
 * itself ("the builder") so that calls can be chained; passphrase changes run through the nested
 * step interfaces {@link WithKeyRingEncryptionSettings} and {@link WithPassphrase}, and
 * {@link #done()} hands back the {@link PGPSecretKeyRing}.
 *
 * <p>Security note: every default overload that accepts an {@link OpenPgpV4Fingerprint} reduces it
 * to {@code fingerprint.getKeyId()} (a {@code long}) before delegating. Those default methods
 * therefore select the key by key-id only; whether an implementation additionally compares the
 * full fingerprint cannot be told from this interface.
 */
public interface SecretKeyRingEditorInterface {

    /**
     * Add a user-id given as a {@link UserId} object.
     * Converts the object with {@code toString()} and delegates to
     * {@link #addUserId(String, SecretKeyRingProtector)}.
     *
     * @param userId user-id
     * @param secretKeyRingProtector protector passed through to the delegate
     * @return the builder
     * @throws PGPException propagated from the delegate
     */
    default SecretKeyRingEditorInterface addUserId(UserId userId,
                                                   SecretKeyRingProtector secretKeyRingProtector)
            throws PGPException {
        final String renderedUserId = userId.toString();
        return addUserId(renderedUserId, secretKeyRingProtector);
    }

    /**
     * Add a user-id to the primary key of the key ring.
     *
     * @param userId user-id
     * @param secretKeyRingProtector protector for the key ring; presumably used to unlock the
     *                               primary key (confirm against the implementation)
     * @return the builder
     * @throws PGPException declared by this method; the conditions are defined by the implementation
     */
    SecretKeyRingEditorInterface addUserId(String userId,
                                           SecretKeyRingProtector secretKeyRingProtector)
            throws PGPException;

    /**
     * Add a user-id given as a {@link UserId} object to the key identified by a fingerprint.
     * Converts the user-id with {@code toString()} and delegates to
     * {@link #addUserId(OpenPgpV4Fingerprint, String, SecretKeyRingProtector)}.
     *
     * @param fingerprint fingerprint of the key
     * @param userId user-id
     * @param secretKeyRingProtector protector passed through to the delegate
     * @return the builder
     * @throws PGPException propagated from the delegate
     */
    default SecretKeyRingEditorInterface addUserId(OpenPgpV4Fingerprint fingerprint,
                                                   UserId userId,
                                                   SecretKeyRingProtector secretKeyRingProtector)
            throws PGPException {
        final String renderedUserId = userId.toString();
        return addUserId(fingerprint, renderedUserId, secretKeyRingProtector);
    }

    /**
     * Add a user-id to the key identified by a fingerprint.
     * Only {@code fingerprint.getKeyId()} is forwarded, to
     * {@link #addUserId(long, String, SecretKeyRingProtector)}; the full fingerprint is not
     * compared by this default method.
     *
     * @param fingerprint fingerprint of the key
     * @param userId user-id
     * @param secretKeyRingProtector protector passed through to the delegate
     * @return the builder
     * @throws PGPException propagated from the delegate
     */
    default SecretKeyRingEditorInterface addUserId(OpenPgpV4Fingerprint fingerprint,
                                                   String userId,
                                                   SecretKeyRingProtector secretKeyRingProtector)
            throws PGPException {
        final long resolvedKeyId = fingerprint.getKeyId();
        return addUserId(resolvedKeyId, userId, secretKeyRingProtector);
    }

    /**
     * Add a user-id given as a {@link UserId} object to the key with the given key-id.
     * Converts the user-id with {@code toString()} and delegates to
     * {@link #addUserId(long, String, SecretKeyRingProtector)}.
     *
     * @param keyId id of the key
     * @param userId user-id
     * @param secretKeyRingProtector protector passed through to the delegate
     * @return the builder
     * @throws PGPException propagated from the delegate
     */
    default SecretKeyRingEditorInterface addUserId(long keyId,
                                                   UserId userId,
                                                   SecretKeyRingProtector secretKeyRingProtector)
            throws PGPException {
        final String renderedUserId = userId.toString();
        return addUserId(keyId, renderedUserId, secretKeyRingProtector);
    }

    /**
     * Add a user-id to the key with the given key-id.
     *
     * <p>NOTE(review): this overload has no upstream documentation. {@code keyId} presumably
     * selects the key inside the ring that receives the user-id; confirm against the
     * implementation, including what happens for an unknown key-id.
     *
     * @param keyId id of the key
     * @param userId user-id
     * @param secretKeyRingProtector protector for the key ring
     * @return the builder
     * @throws PGPException declared by this method; the conditions are defined by the implementation
     */
    SecretKeyRingEditorInterface addUserId(long keyId,
                                           String userId,
                                           SecretKeyRingProtector secretKeyRingProtector)
            throws PGPException;

    /**
     * Remove a user-id from the primary key of the key ring.
     *
     * <p>Removal only changes this copy of the key ring. Copies of the certificate that were
     * already handed out or uploaded still carry the user-id, so removal is not a substitute for
     * revocation when a user-id must no longer be trusted.
     *
     * @param userId exact user-id to be removed
     * @param secretKeyRingProtector protector for the key ring
     * @return the builder
     */
    SecretKeyRingEditorInterface deleteUserId(String userId,
                                              SecretKeyRingProtector secretKeyRingProtector);

    /**
     * Remove a user-id from the key identified by a fingerprint.
     * Only {@code fingerprint.getKeyId()} is forwarded, to
     * {@link #deleteUserId(long, String, SecretKeyRingProtector)}.
     *
     * @param fingerprint fingerprint of the key
     * @param userId exact user-id to be removed
     * @param secretKeyRingProtector protector passed through to the delegate
     * @return the builder
     */
    default SecretKeyRingEditorInterface deleteUserId(OpenPgpV4Fingerprint fingerprint,
                                                      String userId,
                                                      SecretKeyRingProtector secretKeyRingProtector) {
        final long resolvedKeyId = fingerprint.getKeyId();
        return deleteUserId(resolvedKeyId, userId, secretKeyRingProtector);
    }

    /**
     * Remove a user-id from the key with the given key-id.
     *
     * <p>NOTE(review): this overload has no upstream documentation; the behaviour for an unknown
     * key-id or user-id is defined by the implementation.
     *
     * @param keyId id of the key
     * @param userId exact user-id to be removed
     * @param secretKeyRingProtector protector for the key ring
     * @return the builder
     */
    SecretKeyRingEditorInterface deleteUserId(long keyId,
                                              String userId,
                                              SecretKeyRingProtector secretKeyRingProtector);

    /**
     * Add a subkey to the key ring.
     * The subkey will be generated from the provided {@link KeySpec}.
     *
     * @param keySpec key specification
     * @param subKeyPassphrase passphrase for the subkey; presumably the passphrase the new subkey
     *                         is protected with (confirm against the implementation)
     * @param secretKeyRingProtector protector for the existing key ring
     * @return the builder
     * @throws InvalidAlgorithmParameterException declared by this method
     * @throws NoSuchAlgorithmException declared by this method
     * @throws PGPException declared by this method
     */
    SecretKeyRingEditorInterface addSubKey(@Nonnull KeySpec keySpec,
                                           @Nonnull Passphrase subKeyPassphrase,
                                           SecretKeyRingProtector secretKeyRingProtector)
            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException;

    /**
     * Add an already existing secret key to the key ring as a subkey.
     *
     * <p>NOTE(review): this overload has no upstream documentation. Judging by the parameter
     * names, {@code subKeyProtector} unlocks {@code subKey} and {@code keyRingProtector} unlocks
     * the key ring it is added to; confirm against the implementation.
     *
     * @param subKey secret key to add
     * @param subKeyProtector protector for the subkey
     * @param keyRingProtector protector for the key ring
     * @return the builder
     * @throws PGPException declared by this method
     */
    SecretKeyRingEditorInterface addSubKey(PGPSecretKey subKey,
                                           SecretKeyRingProtector subKeyProtector,
                                           SecretKeyRingProtector keyRingProtector)
            throws PGPException;

    /**
     * Delete a subkey from the key ring.
     * The subkey with the provided fingerprint will be removed from the key ring.
     * If no suitable subkey is found, a {@link java.util.NoSuchElementException} will be thrown.
     *
     * <p>Deleting a subkey only changes this copy of the key ring; it does not tell holders of
     * previously distributed copies to stop using the subkey. Use
     * {@link #revokeSubKey(OpenPgpV4Fingerprint, SecretKeyRingProtector, RevocationAttributes)}
     * for that.
     *
     * @param fingerprint fingerprint of the subkey to be removed
     * @param secretKeyRingProtector protector for the key ring
     * @return the builder
     */
    SecretKeyRingEditorInterface deleteSubKey(OpenPgpV4Fingerprint fingerprint,
                                              SecretKeyRingProtector secretKeyRingProtector);

    /**
     * Delete a subkey from the key ring.
     * The subkey with the provided key-id will be removed from the key ring.
     * If no suitable subkey is found, a {@link java.util.NoSuchElementException} will be thrown.
     *
     * <p>Deleting a subkey only changes this copy of the key ring; it does not tell holders of
     * previously distributed copies to stop using the subkey. Use
     * {@link #revokeSubKey(long, SecretKeyRingProtector, RevocationAttributes)} for that.
     *
     * @param subKeyId id of the subkey
     * @param secretKeyRingProtector protector for the key ring
     * @return the builder
     */
    SecretKeyRingEditorInterface deleteSubKey(long subKeyId,
                                              SecretKeyRingProtector secretKeyRingProtector);

    /**
     * Revoke the subkey binding signature of a subkey.
     * The subkey with the provided fingerprint will be revoked.
     * If no suitable subkey is found, a {@link java.util.NoSuchElementException} will be thrown.
     *
     * <p>Delegates to
     * {@link #revokeSubKey(OpenPgpV4Fingerprint, SecretKeyRingProtector, RevocationAttributes)}
     * with {@code null} revocation attributes, so no revocation reason is supplied by the caller.
     *
     * @param fingerprint fingerprint of the subkey to be revoked
     * @param secretKeyRingProtector protector to unlock the primary key
     * @return the builder
     * @throws PGPException propagated from the delegate
     */
    default SecretKeyRingEditorInterface revokeSubKey(OpenPgpV4Fingerprint fingerprint,
                                                      SecretKeyRingProtector secretKeyRingProtector)
            throws PGPException {
        // No reason given: the three-argument overload decides how to treat null attributes.
        final RevocationAttributes unspecifiedReason = null;
        return revokeSubKey(fingerprint, secretKeyRingProtector, unspecifiedReason);
    }

    /**
     * Revoke the subkey binding signature of a subkey.
     * The subkey with the provided fingerprint will be revoked.
     * If no suitable subkey is found, a {@link java.util.NoSuchElementException} will be thrown.
     *
     * @param fingerprint fingerprint of the subkey to be revoked
     * @param secretKeyRingProtector protector to unlock the primary key
     * @param revocationAttributes reason for the revocation; the two-argument overload passes
     *                             {@code null} here
     * @return the builder
     * @throws PGPException declared by this method
     */
    SecretKeyRingEditorInterface revokeSubKey(OpenPgpV4Fingerprint fingerprint,
                                              SecretKeyRingProtector secretKeyRingProtector,
                                              RevocationAttributes revocationAttributes)
            throws PGPException;

    /**
     * Revoke the subkey binding signature of a subkey.
     * The subkey with the provided key-id will be revoked.
     * If no suitable subkey is found, a {@link java.util.NoSuchElementException} will be thrown.
     *
     * <p>Delegates to {@link #revokeSubKey(long, SecretKeyRingProtector, RevocationAttributes)}
     * with {@code null} revocation attributes, so no revocation reason is supplied by the caller.
     *
     * @param subKeyId id of the subkey
     * @param secretKeyRingProtector protector to unlock the primary key
     * @return the builder
     * @throws PGPException propagated from the delegate
     */
    default SecretKeyRingEditorInterface revokeSubKey(long subKeyId,
                                                      SecretKeyRingProtector secretKeyRingProtector)
            throws PGPException {
        // No reason given: the three-argument overload decides how to treat null attributes.
        final RevocationAttributes unspecifiedReason = null;
        return revokeSubKey(subKeyId, secretKeyRingProtector, unspecifiedReason);
    }

    /**
     * Revoke the subkey binding signature of a subkey.
     * The subkey with the provided key-id will be revoked.
     * If no suitable subkey is found, a {@link java.util.NoSuchElementException} will be thrown.
     *
     * @param subKeyId id of the subkey
     * @param secretKeyRingProtector protector to unlock the primary key
     * @param revocationAttributes reason for the revocation; the two-argument overload passes
     *                             {@code null} here
     * @return the builder
     * @throws PGPException declared by this method
     */
    SecretKeyRingEditorInterface revokeSubKey(long subKeyId,
                                              SecretKeyRingProtector secretKeyRingProtector,
                                              RevocationAttributes revocationAttributes)
            throws PGPException;

    /**
     * Create a detached revocation certificate, which can be used to revoke the specified key.
     *
     * <p>Whoever holds the returned certificate can publish it and thereby revoke the key, so it
     * should be stored with the same care as other key material.
     *
     * @param fingerprint fingerprint of the key to be revoked. Can be primary or sub key.
     * @param secretKeyRingProtector protector to unlock the primary key.
     * @param revocationAttributes reason for the revocation
     * @return revocation certificate
     * @throws PGPException declared by this method
     */
    PGPSignature createRevocationCertificate(OpenPgpV4Fingerprint fingerprint,
                                             SecretKeyRingProtector secretKeyRingProtector,
                                             RevocationAttributes revocationAttributes)
            throws PGPException;

    /**
     * Create a detached revocation certificate, which can be used to revoke the specified key.
     *
     * <p>Whoever holds the returned certificate can publish it and thereby revoke the key, so it
     * should be stored with the same care as other key material.
     *
     * @param subKeyId id of the key to be revoked. Can be primary or sub key.
     * @param secretKeyRingProtector protector to unlock the primary key.
     * @param revocationAttributes reason for the revocation
     * @return revocation certificate
     * @throws PGPException declared by this method
     */
    PGPSignature createRevocationCertificate(long subKeyId,
                                             SecretKeyRingProtector secretKeyRingProtector,
                                             RevocationAttributes revocationAttributes)
            throws PGPException;

    /**
     * Change the passphrase of the whole key ring.
     *
     * <p>Uses {@link KeyRingProtectionSettings#secureDefaultSettings()} as the settings for the
     * old passphrase. If the key ring was protected with other settings, call
     * {@link #changePassphraseFromOldPassphrase(Passphrase, KeyRingProtectionSettings)} instead.
     *
     * @param oldPassphrase old passphrase or null, if the key was unprotected
     * @return next builder step
     */
    default WithKeyRingEncryptionSettings changePassphraseFromOldPassphrase(@Nullable Passphrase oldPassphrase) {
        final KeyRingProtectionSettings assumedOldSettings = KeyRingProtectionSettings.secureDefaultSettings();
        return changePassphraseFromOldPassphrase(oldPassphrase, assumedOldSettings);
    }

    /**
     * Change the passphrase of the whole key ring.
     *
     * @param oldPassphrase old passphrase or null, if the key was unprotected
     * @param oldProtectionSettings custom settings for the old passphrase
     * @return next builder step
     */
    WithKeyRingEncryptionSettings changePassphraseFromOldPassphrase(@Nullable Passphrase oldPassphrase,
                                                                    @Nonnull KeyRingProtectionSettings oldProtectionSettings);

    /**
     * Change the passphrase of a single subkey in the key ring.
     *
     * Note: While it is a valid use-case to have different passphrases per subKey,
     * this is one of the reasons why OpenPGP sucks in practice.
     *
     * <p>Uses {@link KeyRingProtectionSettings#secureDefaultSettings()} as the settings for the
     * old passphrase and delegates to the three-argument overload.
     *
     * @param keyId id of the subkey (a boxed {@code Long} here, unlike the primitive key-ids used
     *              by the other methods of this interface)
     * @param oldPassphrase old passphrase
     * @return next builder step
     */
    default WithKeyRingEncryptionSettings changeSubKeyPassphraseFromOldPassphrase(@Nonnull Long keyId,
                                                                                  @Nullable Passphrase oldPassphrase) {
        final KeyRingProtectionSettings assumedOldSettings = KeyRingProtectionSettings.secureDefaultSettings();
        return changeSubKeyPassphraseFromOldPassphrase(keyId, oldPassphrase, assumedOldSettings);
    }

    /**
     * Change the passphrase of a single subkey in the key ring.
     *
     * @param keyId id of the subkey
     * @param oldPassphrase old passphrase
     * @param oldProtectionSettings settings for the old passphrase
     * @return next builder step
     */
    WithKeyRingEncryptionSettings changeSubKeyPassphraseFromOldPassphrase(@Nonnull Long keyId,
                                                                          @Nullable Passphrase oldPassphrase,
                                                                          @Nonnull KeyRingProtectionSettings oldProtectionSettings);

    /**
     * Builder step that selects the settings for the symmetric passphrase encryption.
     */
    interface WithKeyRingEncryptionSettings {

        /**
         * Set secure default settings for the symmetric passphrase encryption.
         * Note that this obviously has no effect if you decide to set {@link WithPassphrase#toNoPassphrase()}.
         *
         * @return next builder step
         */
        WithPassphrase withSecureDefaultSettings();

        /**
         * Set custom settings for the symmetric passphrase encryption.
         *
         * <p>With custom settings the caller, not the library default, determines how strongly
         * the secret key material is protected at rest.
         *
         * @param settings custom settings
         * @return next builder step
         */
        WithPassphrase withCustomSettings(KeyRingProtectionSettings settings);

    }

    /**
     * Builder step that selects the new passphrase, or none at all.
     */
    interface WithPassphrase {

        /**
         * Set the passphrase.
         *
         * @param passphrase passphrase
         * @return editor builder
         * @throws PGPException declared by this method
         */
        SecretKeyRingEditorInterface toNewPassphrase(Passphrase passphrase) throws PGPException;

        /**
         * Leave the key unprotected.
         *
         * <p>The secret key material is then not encrypted with a passphrase, so anyone who can
         * read the stored key ring can use the key. Choose this only when the key ring is
         * protected by other means.
         *
         * @return editor builder
         * @throws PGPException declared by this method
         */
        SecretKeyRingEditorInterface toNoPassphrase() throws PGPException;
    }

    /**
     * Return the {@link PGPSecretKeyRing}.
     *
     * @return the key
     */
    PGPSecretKeyRing done();

}