From 45ee435a180ae0f71ed6a27950c040effe0ed43f Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Tue, 24 May 2022 22:10:21 +0200
Subject: [PATCH] Add support for --with-key-password to DecryptCmd
---
 .../sop/cli/picocli/commands/DecryptCmd.java | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java
index 3a845b4..87f37c4 100644
--- a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java
@@ -87,6 +87,11 @@ public class DecryptCmd implements Runnable {
 paramLabel = "KEY")
 List keys = new ArrayList<>();
+ @CommandLine.Option(names = "--with-key-password",
+ description = "Provide indirect file type pointing at passphrase(s) for secret key(s)",
+ paramLabel = "PASSWORD")
+ List withKeyPassword = new ArrayList<>();
+
 @Override
 public void run() {
 throwIfOutputExists(verifyOut, VERIFY_OUT);
@@ -101,6 +106,7 @@ public class DecryptCmd implements Runnable {
 setNotBefore(notBefore, decrypt);
 setWithPasswords(withPassword, decrypt);
 setWithSessionKeys(withSessionKey, decrypt);
+ setWithKeyPassword(withKeyPassword, decrypt);
 setVerifyWith(certs, decrypt);
 setDecryptWith(keys, decrypt);
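Review bot: The help text for `--with-key-password` in the first hunk never says that the argument is a file path, and `paramLabel = "PASSWORD"` reads as if the passphrase itself were expected. setWithKeyPassword (third hunk) hands each value to `FileUtil.getFileInputStream`, so a literal passphrase would be treated as a file name after it has already landed in the process list and shell history. I would spell the contract out, for example `description = "File containing the passphrase for a protected secret key (may be given multiple times)"`. The enclosing class starts and ends outside the hunk.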
@@ -229,6 +235,19 @@ public class DecryptCmd implements Runnable {
 }
 }
+ private void setWithKeyPassword(List withKeyPassword, Decrypt decrypt) {
+ for (String passwordFile : withKeyPassword) {
+ try {
+ String password = FileUtil.stringFromInputStream(FileUtil.getFileInputStream(passwordFile));
+ decrypt.withKeyPassword(password);
+ } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+ throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--with-key-password"), unsupportedOption);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+
 private void setNotAfter(String notAfter, Decrypt decrypt) {
 Date notAfterDate = DateParser.parseNotAfter(notAfter);
 try {
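Review bot: The stream returned by `FileUtil.getFileInputStream(passwordFile)` in setWithKeyPassword is never closed in the visible code; unless `stringFromInputStream` closes it (not shown here), each password file leaks a descriptor, and `try (InputStream in = FileUtil.getFileInputStream(passwordFile)) { decrypt.withKeyPassword(FileUtil.stringFromInputStream(in)); }` avoids that. The `IOException` branch rethrows a bare `RuntimeException`, so an unreadable password file probably ends in a stack trace and a generic exit status rather than one of the SOPGPException codes the other branch uses; mapping it to a suitable SOPGPException subtype would keep the CLI's error contract. The file content is also passed on unmodified, so a trailing newline written by an editor becomes part of the passphrase unless `withKeyPassword` trims it, which the hunk does not show. The method itself lies fully within the hunk.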