// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package sop.external.operation;
import sop.MicAlg;
import sop.ReadyWithResult;
import sop.SigningResult;
import sop.enums.SignAs;
import sop.exception.SOPGPException;
import sop.external.ExternalSOP;
import sop.operation.DetachedSign;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
/**
* Implementation of the {@link DetachedSign} operation using an external SOP binary.
*/
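public class DetachedSignExternal implements DetachedSign {

    private final ExternalSOP.TempDirProvider tempDirProvider;
    // Argument vector for the external binary: starts as "<binary> sign" and grows as options are set.
    private final List<String> commandList = new ArrayList<>();
    // "NAME=value" entries handed to the child as its environment. Secret material (keys, passwords)
    // travels through this list; the command line only carries "@ENV:NAME" references to it.
    private final List<String> envList;

    // Counters that give every key / password its own environment variable name.
    private int withKeyPasswordCounter = 0;
    private int keyCounter = 0;

    /**
     * Creates a detached-sign operation backed by an external SOP binary.
     *
     * @param binary path of the SOP executable to run
     * @param properties properties turned into the child environment via
     *                   {@link ExternalSOP#propertiesToEnv(Properties)}
     * @param tempDirProvider provider of the temporary directory used for the {@code --micalg-out} file
     */
    public DetachedSignExternal(String binary, Properties properties, ExternalSOP.TempDirProvider tempDirProvider) {
        this.tempDirProvider = tempDirProvider;
        commandList.add(binary);
        commandList.add("sign");
        envList = ExternalSOP.propertiesToEnv(properties);
    }

    @Override
    public DetachedSign noArmor() {
        commandList.add("--no-armor");
        return this;
    }

    /**
     * Adds a signing key. The key material is read completely and stored in a {@code KEY_<n>}
     * environment variable; only the {@code @ENV:} reference is placed on the command line.
     */
    @Override
    public DetachedSign key(InputStream key) throws SOPGPException.KeyCannotSign, SOPGPException.BadData, SOPGPException.UnsupportedAsymmetricAlgo, IOException {
        String envVar = "KEY_" + keyCounter++;
        commandList.add("@ENV:" + envVar);
        envList.add(envVar + "=" + ExternalSOP.readFully(key));
        return this;
    }

    /**
     * Adds a key password, passed to the child through a {@code WITH_KEY_PASSWORD_<n>} environment
     * variable and referenced via {@code --with-key-password=@ENV:...}.
     */
    @Override
    public DetachedSign withKeyPassword(byte[] password) throws SOPGPException.UnsupportedOption, SOPGPException.PasswordNotHumanReadable {
        String envVar = "WITH_KEY_PASSWORD_" + withKeyPasswordCounter++;
        commandList.add("--with-key-password=@ENV:" + envVar);
        // NOTE(review): decoded with the platform default charset; the JVM also encodes the child's
        // environment with a platform-dependent charset, so the bytes round-trip only when the two
        // agree — confirm for non-ASCII passwords before changing either side.
        envList.add(envVar + "=" + new String(password));
        return this;
    }

    @Override
    public DetachedSign mode(SignAs mode) throws SOPGPException.UnsupportedOption {
        commandList.add("--as=" + mode);
        return this;
    }

    /**
     * Starts the external process and returns a handle that streams {@code data} into it and the
     * detached signature out of it.
     *
     * @param data plaintext to sign; closed by {@link ReadyWithResult#writeTo(OutputStream)}
     * @return handle whose {@code writeTo} performs the signing and reports the micalg value,
     *         if the binary wrote one
     * @throws RuntimeException wrapping the {@link IOException} if the process cannot be started
     */
    @Override
    public ReadyWithResult<SigningResult> data(InputStream data)
            throws IOException, SOPGPException.KeyIsProtected, SOPGPException.ExpectedText {
        File tempDir = tempDirProvider.provideTempDirectory();
        // The binary reports its digest algorithm into this file. A stale file from an earlier run
        // is removed first so that "file absent" reliably means "nothing reported".
        // NOTE(review): the file name is fixed, so this relies on tempDir not being writable by other
        // principals — confirm against the TempDirProvider implementation.
        File micAlgOut = new File(tempDir, "micAlgOut");
        micAlgOut.delete();
        commandList.add("--micalg-out=" + micAlgOut.getAbsolutePath());

        String[] command = commandList.toArray(new String[0]);
        String[] env = envList.toArray(new String[0]);
        try {
            // Array form: arguments are passed verbatim, no shell is involved. The env array
            // replaces the parent environment entirely.
            Process process = Runtime.getRuntime().exec(command, env);
            OutputStream processOut = process.getOutputStream();
            InputStream processIn = process.getInputStream();

            return new ReadyWithResult<SigningResult>() {
                @Override
                public SigningResult writeTo(OutputStream outputStream) throws IOException {
                    byte[] buf = new byte[4096];
                    int r;
                    // Feed the plaintext to the child's stdin, then signal EOF by closing it.
                    while ((r = data.read(buf)) > 0) {
                        processOut.write(buf, 0, r);
                    }
                    data.close();
                    try {
                        processOut.close();
                    } catch (IOException ignored) {
                        // Ignore "Stream closed": the pipe may already be closed on the child's side.
                    }

                    // Copy the signature from the child's stdout to the caller's stream.
                    while ((r = processIn.read(buf)) > 0) {
                        outputStream.write(buf, 0, r);
                    }
                    processIn.close();
                    outputStream.close();

                    // Project helper; presumably waits for the child and checks its exit status.
                    ExternalSOP.finish(process);

                    SigningResult.Builder builder = SigningResult.builder();
                    if (micAlgOut.exists()) {
                        // try-with-resources so the reader is closed and the file removed even when
                        // reading fails; UTF-8 is pinned instead of the platform default charset.
                        try (BufferedReader reader = new BufferedReader(
                                new InputStreamReader(new FileInputStream(micAlgOut), StandardCharsets.UTF_8))) {
                            String line = reader.readLine();
                            if (line != null && !line.trim().isEmpty()) {
                                builder.setMicAlg(new MicAlg(line.trim()));
                            }
                        } finally {
                            micAlgOut.delete();
                        }
                    }

                    return builder.build();
                }
            };
        } catch (IOException e) {
            // Kept as RuntimeException to preserve the existing contract; the cause is retained.
            throw new RuntimeException(e);
        }
    }
}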