PGPainless/sop-java
1
0
Fork 0
mirror of https://codeberg.org/PGPainless/sop-java.git synced 2024-11-22 15:12:06 +01:00
Code Issues Projects Releases Packages Wiki Activity

Wip: Refactor command implementation and enable i18n for CLI

Browse source
This commit is contained in:
Paul Schaub 2022-06-06 20:06:14 +02:00
parent a7f02d58cc
commit 4934e472e2
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
34 changed files with 980 additions and 782 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
sop-java-picocli/src/main/java/sop/cli/picocli/DateParser.java
View file

@ -1,33 +0,0 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package sop.cli.picocli;
import java.util.Date;
import sop.util.UTCUtil;
public class DateParser {
public static final Date BEGINNING_OF_TIME = new Date(0);
public static final Date END_OF_TIME = new Date(8640000000000000L);
public static Date parseNotAfter(String notAfter) {
Date date = notAfter.equals("now") ? new Date() : notAfter.equals("-") ? END_OF_TIME : UTCUtil.parseUTCDate(notAfter);
if (date == null) {
Print.errln("Invalid date string supplied as value of --not-after.");
System.exit(1);
}
return date;
}
public static Date parseNotBefore(String notBefore) {
Date date = notBefore.equals("now") ? new Date() : notBefore.equals("-") ? BEGINNING_OF_TIME : UTCUtil.parseUTCDate(notBefore);
if (date == null) {
Print.errln("Invalid date string supplied as value of --not-before.");
System.exit(1);
}
return date;
}
}

115
sop-java-picocli/src/main/java/sop/cli/picocli/FileUtil.java
View file

@ -1,115 +0,0 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package sop.cli.picocli;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.io.IOException;
import sop.exception.SOPGPException;
import sop.util.UTF8Util;
public class FileUtil {
private static final String ERROR_AMBIGUOUS = "File name '%s' is ambiguous. File with the same name exists on the filesystem.";
private static final String ERROR_ENV_FOUND = "Environment variable '%s' not set.";
private static final String ERROR_OUTPUT_EXISTS = "Output file '%s' already exists.";
private static final String ERROR_INPUT_NOT_EXIST = "File '%s' does not exist.";
private static final String ERROR_CANNOT_CREATE_FILE = "Output file '%s' cannot be created: %s";
public static final String PRFX_ENV = "@ENV:";
public static final String PRFX_FD = "@FD:";
private static EnvironmentVariableResolver envResolver = System::getenv;
public static void setEnvironmentVariableResolver(EnvironmentVariableResolver envResolver) {
if (envResolver == null) {
throw new NullPointerException("Variable envResolver cannot be null.");
}
FileUtil.envResolver = envResolver;
}
public interface EnvironmentVariableResolver {
/**
* Resolve the value of the given environment variable.
* Return null if the variable is not present.
*
* @param name name of the variable
* @return variable value or null
*/
String resolveEnvironmentVariable(String name);
}
public static File getFile(String fileName) {
if (fileName == null) {
throw new NullPointerException("File name cannot be null.");
}
if (fileName.startsWith(PRFX_ENV)) {
if (new File(fileName).exists()) {
throw new SOPGPException.AmbiguousInput(String.format(ERROR_AMBIGUOUS, fileName));
}
String envName = fileName.substring(PRFX_ENV.length());
String envValue = envResolver.resolveEnvironmentVariable(envName);
if (envValue == null) {
throw new IllegalArgumentException(String.format(ERROR_ENV_FOUND, envName));
}
return new File(envValue);
} else if (fileName.startsWith(PRFX_FD)) {
if (new File(fileName).exists()) {
throw new SOPGPException.AmbiguousInput(String.format(ERROR_AMBIGUOUS, fileName));
}
throw new IllegalArgumentException("File descriptors not supported.");
}
return new File(fileName);
}
public static FileInputStream getFileInputStream(String fileName) {
File file = getFile(fileName);
try {
FileInputStream inputStream = new FileInputStream(file);
return inputStream;
} catch (FileNotFoundException e) {
throw new SOPGPException.MissingInput(String.format(ERROR_INPUT_NOT_EXIST, fileName), e);
}
}
public static File createNewFileOrThrow(File file) throws IOException {
if (file == null) {
throw new NullPointerException("File cannot be null.");
}
try {
if (!file.createNewFile()) {
throw new SOPGPException.OutputExists(String.format(ERROR_OUTPUT_EXISTS, file.getAbsolutePath()));
}
} catch (IOException e) {
throw new IOException(String.format(ERROR_CANNOT_CREATE_FILE, file.getAbsolutePath(), e.getMessage()));
}
return file;
}
public static String stringFromInputStream(InputStream inputStream) throws IOException {
try {
ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
byte[] buf = new byte[4096]; int read;
while ((read = inputStream.read(buf)) != -1) {
byteOut.write(buf, 0, read);
}
// TODO: For decrypt operations we MUST accept non-UTF8 passwords
return UTF8Util.decodeUTF8(byteOut.toByteArray());
} finally {
inputStream.close();
}
}
}

2
sop-java-picocli/src/main/java/sop/cli/picocli/SOPExecutionExceptionHandler.java
View file

@ -10,9 +10,11 @@ public class SOPExecutionExceptionHandler implements CommandLine.IExecutionExcep
@Override
public int handleExecutionException(Exception ex, CommandLine commandLine, CommandLine.ParseResult parseResult) {
int exitCode = commandLine.getExitCodeExceptionMapper() != null ?
commandLine.getExitCodeExceptionMapper().getExitCode(ex) :
commandLine.getCommandSpec().exitCodeOnExecutionException();
CommandLine.Help.ColorScheme colorScheme = commandLine.getColorScheme();
// CHECKSTYLE:OFF
if (ex.getMessage() != null) {

54
sop-java-picocli/src/main/java/sop/cli/picocli/SopCLI.java
View file

@ -20,9 +20,13 @@ import sop.cli.picocli.commands.SignCmd;
import sop.cli.picocli.commands.VerifyCmd;
import sop.cli.picocli.commands.VersionCmd;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
@CommandLine.Command(
name = "sop",
description = "Stateless OpenPGP Protocol",
resourceBundle = "sop",
exitCodeOnInvalidInput = 69,
subcommands = {
CommandLine.HelpCommand.class,
@ -39,33 +43,12 @@ import sop.cli.picocli.commands.VersionCmd;
InlineVerifyCmd.class,
VersionCmd.class,
AutoComplete.GenerateCompletion.class
},
exitCodeListHeading = "Exit Codes:%n",
exitCodeList = {
" 0:Successful program execution",
" 1:Generic program error",
" 3:Verification requested but no verifiable signature found",
"13:Unsupported asymmetric algorithm",
"17:Certificate is not encryption capable",
"19:Usage error: Missing argument",
"23:Incomplete verification instructions",
"29:Unable to decrypt",
"31:Password is not human-readable",
"37:Unsupported Option",
"41:Invalid data or data of wrong type encountered",
"53:Non-text input received where text was expected",
"59:Output file already exists",
"61:Input file does not exist",
"67:Key is password protected",
"69:Unsupported subcommand",
"71:Unsupported special prefix (e.g. \"@env/@fd\") of indirect parameter",
"73:Ambiguous input (a filename matching the designator already exists)",
"79:Key is not signing capable"
}
)
public class SopCLI {
// Singleton
static SOP SOP_INSTANCE;
static ResourceBundle cliMsg = ResourceBundle.getBundle("sop");
public static String EXECUTABLE_NAME = "sop";
@ -77,6 +60,13 @@ public class SopCLI {
}
public static int execute(String[] args) {
// Set locale
new CommandLine(new InitLocale()).parseArgs(args);
cliMsg = ResourceBundle.getBundle("sop");
// Prepare CLI
CommandLine cmd = new CommandLine(SopCLI.class);
// Hide generate-completion command
CommandLine gen = cmd.getSubcommands().get("generate-completion");
@ -92,7 +82,8 @@ public class SopCLI {
public static SOP getSop() {
if (SOP_INSTANCE == null) {
throw new IllegalStateException("No SOP backend set.");
String errorMsg = cliMsg.getString("sop.error.runtime.no_backend_set");
throw new IllegalStateException(errorMsg);
}
return SOP_INSTANCE;
}
@ -101,3 +92,18 @@ public class SopCLI {
SOP_INSTANCE = instance;
}
}
/**
* Control the locale.
*
* @see <a href="https://picocli.info/#_controlling_the_locale">Picocli Readme</a>
*/
class InitLocale {
@CommandLine.Option(names = { "-l", "--locale" }, descriptionKey = "sop.locale")
void setLocale(String locale) {
Locale.setDefault(new Locale(locale));
}
@CommandLine.Unmatched
List<String> remainder; // ignore any other parameters and options in the first parsing phase
}

200
sop-java-picocli/src/main/java/sop/cli/picocli/commands/AbstractSopCmd.java
View file

@ -5,43 +5,225 @@
package sop.cli.picocli.commands;
import sop.exception.SOPGPException;
import sop.util.UTCUtil;
import sop.util.UTF8Util;
import javax.annotation.Nonnull;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Collection;
import java.util.Date;
import java.util.Locale;
import java.util.ResourceBundle;
public abstract class AbstractSopCmd implements Runnable {
static final String ERROR_UNSUPPORTED_OPTION = "Option '%s' is not supported.";
static final String ERROR_FILE_NOT_EXIST = "File '%s' does not exist.";
static final String ERROR_OUTPUT_OF_OPTION_EXISTS = "Target %s of option %s already exists.";
public interface EnvironmentVariableResolver {
/**
* Resolve the value of the given environment variable.
* Return null if the variable is not present.
*
* @param name name of the variable
* @return variable value or null
*/
String resolveEnvironmentVariable(String name);
}
void throwIfOutputExists(File outputFile, String optionName) {
if (outputFile == null) {
public static final String PRFX_ENV = "@ENV:";
public static final String PRFX_FD = "@FD:";
public static final Date BEGINNING_OF_TIME = new Date(0);
public static final Date END_OF_TIME = new Date(8640000000000000L);
protected final ResourceBundle messages;
protected EnvironmentVariableResolver envResolver = System::getenv;
public AbstractSopCmd() {
this(Locale.getDefault());
}
public AbstractSopCmd(@Nonnull Locale locale) {
messages = ResourceBundle.getBundle("sop", locale);
}
void throwIfOutputExists(String output) {
if (output == null) {
return;
}
File outputFile = new File(output);
if (outputFile.exists()) {
throw new SOPGPException.OutputExists(String.format(ERROR_OUTPUT_OF_OPTION_EXISTS, outputFile.getAbsolutePath(), optionName));
String errorMsg = getMsg("sop.error.indirect_data_type.output_file_already_exists", outputFile.getAbsolutePath());
throw new SOPGPException.OutputExists(errorMsg);
}
}
public String getMsg(String key) {
return messages.getString(key);
}
public String getMsg(String key, String arg1) {
return String.format(messages.getString(key), arg1);
}
public String getMsg(String key, String arg1, String arg2) {
return String.format(messages.getString(key), arg1, arg2);
}
void throwIfMissingArg(Object arg, String argName) {
if (arg == null) {
throw new SOPGPException.MissingArg(argName + " is required.");
String errorMsg = getMsg("sop.error.usage.argument_required", argName);
throw new SOPGPException.MissingArg(errorMsg);
}
}
void throwIfEmptyParameters(Collection<?> arg, String parmName) {
if (arg.isEmpty()) {
throw new SOPGPException.MissingArg("Parameter '" + parmName + "' is required.");
String errorMsg = getMsg("sop.error.usage.parameter_required", parmName);
throw new SOPGPException.MissingArg(errorMsg);
}
}
<T> T throwIfUnsupportedSubcommand(T subcommand, String subcommandName) {
if (subcommand == null) {
throw new SOPGPException.UnsupportedSubcommand("Command '" + subcommandName + "' is not supported.");
String errorMsg = getMsg("sop.error.feature_support.subcommand_not_supported", subcommandName);
throw new SOPGPException.UnsupportedSubcommand(errorMsg);
}
return subcommand;
}
void setEnvironmentVariableResolver(EnvironmentVariableResolver envResolver) {
if (envResolver == null) {
throw new NullPointerException("Variable envResolver cannot be null.");
}
this.envResolver = envResolver;
}
public InputStream getInput(String indirectInput) throws IOException {
if (indirectInput == null) {
throw new IllegalArgumentException("Input cannot not be null.");
}
String trimmed = indirectInput.trim();
if (trimmed.isEmpty()) {
throw new IllegalArgumentException("Input cannot be blank.");
}
if (trimmed.startsWith(PRFX_ENV)) {
if (new File(trimmed).exists()) {
String errorMsg = getMsg("sop.error.indirect_data_type.ambiguous_filename", trimmed);
throw new SOPGPException.AmbiguousInput(errorMsg);
}
String envName = trimmed.substring(PRFX_ENV.length());
String envValue = envResolver.resolveEnvironmentVariable(envName);
if (envValue == null) {
String errorMsg = getMsg("sop.error.indirect_data_type.environment_variable_not_set", envName);
throw new IllegalArgumentException(errorMsg);
}
if (envValue.trim().isEmpty()) {
String errorMsg = getMsg("sop.error.indirect_data_type.environment_variable_empty", envName);
throw new IllegalArgumentException(errorMsg);
}
return new ByteArrayInputStream(envValue.getBytes("UTF8"));
} else if (trimmed.startsWith(PRFX_FD)) {
if (new File(trimmed).exists()) {
String errorMsg = getMsg("sop.error.indirect_data_type.ambiguous_filename", trimmed);
throw new SOPGPException.AmbiguousInput(errorMsg);
}
String errorMsg = getMsg("sop.error.indirect_data_type.designator_fd_not_supported");
throw new SOPGPException.UnsupportedSpecialPrefix(errorMsg);
} else {
File file = new File(trimmed);
if (!file.exists()) {
String errorMsg = getMsg("sop.error.indirect_data_type.input_file_does_not_exist", file.getAbsolutePath());
throw new SOPGPException.MissingInput(errorMsg);
}
if (!file.isFile()) {
String errorMsg = getMsg("sop.error.indirect_data_type.input_not_a_file", file.getAbsolutePath());
throw new SOPGPException.MissingInput(errorMsg);
}
return new FileInputStream(file);
}
}
public OutputStream getOutput(String indirectOutput) throws IOException {
if (indirectOutput == null) {
throw new IllegalArgumentException("Output cannot be null.");
}
String trimmed = indirectOutput.trim();
if (trimmed.isEmpty()) {
throw new IllegalArgumentException("Output cannot be blank.");
}
// @ENV not allowed for output
if (trimmed.startsWith(PRFX_ENV)) {
String errorMsg = getMsg("sop.error.indirect_data_type.illegal_use_of_env_designator");
throw new SOPGPException.UnsupportedSpecialPrefix(errorMsg);
}
if (trimmed.startsWith(PRFX_FD)) {
String errorMsg = getMsg("sop.error.indirect_data_type.designator_fd_not_supported");
throw new SOPGPException.UnsupportedSpecialPrefix(errorMsg);
}
File file = new File(trimmed);
if (file.exists()) {
String errorMsg = getMsg("sop.error.indirect_data_type.output_file_already_exists", file.getAbsolutePath());
throw new SOPGPException.OutputExists(errorMsg);
}
if (!file.createNewFile()) {
String errorMsg = getMsg("sop.error.indirect_data_type.output_file_cannot_be_created", file.getAbsolutePath());
throw new IOException(errorMsg);
}
return new FileOutputStream(file);
}
public static String stringFromInputStream(InputStream inputStream) throws IOException {
try {
ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
byte[] buf = new byte[4096]; int read;
while ((read = inputStream.read(buf)) != -1) {
byteOut.write(buf, 0, read);
}
// TODO: For decrypt operations we MUST accept non-UTF8 passwords
return UTF8Util.decodeUTF8(byteOut.toByteArray());
} finally {
inputStream.close();
}
}
public Date parseNotAfter(String notAfter) {
Date date = notAfter.equals("now") ? new Date() : notAfter.equals("-") ? END_OF_TIME : UTCUtil.parseUTCDate(notAfter);
if (date == null) {
String errorMsg = getMsg("sop.error.input.malformed_not_after");
throw new IllegalArgumentException(errorMsg);
}
return date;
}
public Date parseNotBefore(String notBefore) {
Date date = notBefore.equals("now") ? new Date() : notBefore.equals("-") ? BEGINNING_OF_TIME : UTCUtil.parseUTCDate(notBefore);
if (date == null) {
String errorMsg = getMsg("sop.error.input.malformed_not_before");
throw new IllegalArgumentException(errorMsg);
}
return date;
}
}

24
sop-java-picocli/src/main/java/sop/cli/picocli/commands/ArmorCmd.java
View file

@ -4,22 +4,23 @@
package sop.cli.picocli.commands;
import java.io.IOException;
import picocli.CommandLine;
import sop.Ready;
import sop.cli.picocli.Print;
import sop.cli.picocli.SopCLI;
import sop.enums.ArmorLabel;
import sop.exception.SOPGPException;
import sop.operation.Armor;
import java.io.IOException;
@CommandLine.Command(name = "armor",
description = "Add ASCII Armor to standard input",
resourceBundle = "sop",
exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
public class ArmorCmd extends AbstractSopCmd {
@CommandLine.Option(names = {"--label"}, description = "Label to be used in the header and tail of the armoring.", paramLabel = "{auto|sig|key|cert|message}")
@CommandLine.Option(names = {"--label"},
descriptionKey = "sop.armor.usage.option.label",
paramLabel = "{auto|sig|key|cert|message}")
ArmorLabel label;
@Override
@ -32,8 +33,8 @@ public class ArmorCmd extends AbstractSopCmd {
try {
armor.label(label);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
Print.errln("Armor labels not supported.");
System.exit(unsupportedOption.getExitCode());
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--label");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
@ -41,13 +42,10 @@ public class ArmorCmd extends AbstractSopCmd {
Ready ready = armor.data(System.in);
ready.writeTo(System.out);
} catch (SOPGPException.BadData badData) {
Print.errln("Bad data.");
Print.trace(badData);
System.exit(badData.getExitCode());
String errorMsg = getMsg("sop.error.input.stdin_not_openpgp_data");
throw new SOPGPException.BadData(errorMsg, badData);
} catch (IOException e) {
Print.errln("IO Error.");
Print.trace(e);
System.exit(1);
throw new RuntimeException(e);
}
}
}

16
sop-java-picocli/src/main/java/sop/cli/picocli/commands/DearmorCmd.java
View file

@ -4,16 +4,15 @@
package sop.cli.picocli.commands;
import java.io.IOException;
import picocli.CommandLine;
import sop.cli.picocli.Print;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.Dearmor;
import java.io.IOException;
@CommandLine.Command(name = "dearmor",
description = "Remove ASCII Armor from standard input",
resourceBundle = "sop",
exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
public class DearmorCmd extends AbstractSopCmd {
@ -26,13 +25,10 @@ public class DearmorCmd extends AbstractSopCmd {
dearmor.data(System.in)
.writeTo(System.out);
} catch (SOPGPException.BadData e) {
Print.errln("Bad data.");
Print.trace(e);
System.exit(e.getExitCode());
String errorMsg = getMsg("sop.error.input.stdin_not_openpgp_data");
throw new SOPGPException.BadData(errorMsg, e);
} catch (IOException e) {
Print.errln("IO Error.");
Print.trace(e);
System.exit(1);
throw new RuntimeException(e);
}
}
}

138
sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java
View file

@ -4,31 +4,27 @@
package sop.cli.picocli.commands;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import picocli.CommandLine;
import sop.DecryptionResult;
import sop.ReadyWithResult;
import sop.SessionKey;
import sop.Verification;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.Decrypt;
import sop.util.HexUtil;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.regex.Pattern;
import picocli.CommandLine;
import sop.DecryptionResult;
import sop.ReadyWithResult;
import sop.SessionKey;
import sop.Verification;
import sop.cli.picocli.DateParser;
import sop.cli.picocli.FileUtil;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.Decrypt;
import sop.util.HexUtil;
@CommandLine.Command(name = "decrypt",
description = "Decrypt a message from standard input",
resourceBundle = "sop",
exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
public class DecryptCmd extends AbstractSopCmd {
@ -44,54 +40,49 @@ public class DecryptCmd extends AbstractSopCmd {
@CommandLine.Option(
names = {OPT_SESSION_KEY_OUT},
description = "Can be used to learn the session key on successful decryption",
descriptionKey = "sop.decrypt.usage.option.session_key_out",
paramLabel = "SESSIONKEY")
File sessionKeyOut;
String sessionKeyOut;
@CommandLine.Option(
names = {OPT_WITH_SESSION_KEY},
description = "Provide a session key file. Enables decryption of the \"CIPHERTEXT\" using the session key directly against the \"SEIPD\" packet",
descriptionKey = "sop.decrypt.usage.option.with_session_key",
paramLabel = "SESSIONKEY")
List<String> withSessionKey = new ArrayList<>();
@CommandLine.Option(
names = {OPT_WITH_PASSWORD},
description = "Provide a password file. Enables decryption based on any \"SKESK\" packets in the \"CIPHERTEXT\"",
descriptionKey = "sop.decrypt.usage.option.with_password",
paramLabel = "PASSWORD")
List<String> withPassword = new ArrayList<>();
@CommandLine.Option(names = {OPT_VERIFY_OUT},
description = "Produces signature verification status to the designated file",
descriptionKey = "sop.decrypt.usage.option.verify_out",
paramLabel = "VERIFICATIONS")
File verifyOut;
String verifyOut;
@CommandLine.Option(names = {OPT_VERIFY_WITH},
description = "Certificates whose signatures would be acceptable for signatures over this message",
descriptionKey = "sop.decrypt.usage.option.certs",
paramLabel = "CERT")
List<File> certs = new ArrayList<>();
List<String> certs = new ArrayList<>();
@CommandLine.Option(names = {OPT_NOT_BEFORE},
description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
"Reject signatures with a creation date not in range.\n" +
"Defaults to beginning of time (\"-\").",
descriptionKey = "sop.decrypt.usage.option.not_before",
paramLabel = "DATE")
String notBefore = "-";
@CommandLine.Option(names = {OPT_NOT_AFTER},
description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
"Reject signatures with a creation date not in range.\n" +
"Defaults to current system time (\"now\").\n" +
"Accepts special value \"-\" for end of time.",
descriptionKey = "sop.decrypt.usage.option.not_after",
paramLabel = "DATE")
String notAfter = "now";
@CommandLine.Parameters(index = "0..*",
description = "Secret keys to attempt decryption with",
descriptionKey = "sop.decrypt.usage.param.keys",
paramLabel = "KEY")
List<File> keys = new ArrayList<>();
List<String> keys = new ArrayList<>();
@CommandLine.Option(names = {OPT_WITH_KEY_PASSWORD},
description = "Provide indirect file type pointing at passphrase(s) for secret key(s)",
descriptionKey = "sop.decrypt.usage.option.with_key_password",
paramLabel = "PASSWORD")
List<String> withKeyPassword = new ArrayList<>();
@ -100,8 +91,8 @@ public class DecryptCmd extends AbstractSopCmd {
Decrypt decrypt = throwIfUnsupportedSubcommand(
SopCLI.getSop().decrypt(), "decrypt");
throwIfOutputExists(verifyOut, OPT_VERIFY_OUT);
throwIfOutputExists(sessionKeyOut, OPT_SESSION_KEY_OUT);
throwIfOutputExists(verifyOut);
throwIfOutputExists(sessionKeyOut);
setNotAfter(notAfter, decrypt);
setNotBefore(notBefore, decrypt);
@ -112,8 +103,8 @@ public class DecryptCmd extends AbstractSopCmd {
setDecryptWith(keys, decrypt);
if (verifyOut != null && certs.isEmpty()) {
String errorMessage = "Option %s is requested, but no option %s was provided.";
throw new SOPGPException.IncompleteVerification(String.format(errorMessage, OPT_VERIFY_OUT, OPT_VERIFY_WITH));
String errorMsg = getMsg("sop.error.usage.option_requires_other_option", OPT_VERIFY_OUT, OPT_VERIFY_WITH);
throw new SOPGPException.IncompleteVerification(errorMsg);
}
try {
@ -122,7 +113,8 @@ public class DecryptCmd extends AbstractSopCmd {
writeSessionKeyOut(result);
writeVerifyOut(result);
} catch (SOPGPException.BadData badData) {
throw new SOPGPException.BadData("No valid OpenPGP message found on Standard Input.", badData);
String errorMsg = getMsg("sop.error.input.stdin_not_a_message");
throw new SOPGPException.BadData(errorMsg, badData);
} catch (IOException ioException) {
throw new RuntimeException(ioException);
}
@ -130,9 +122,8 @@ public class DecryptCmd extends AbstractSopCmd {
private void writeVerifyOut(DecryptionResult result) throws IOException {
if (verifyOut != null) {
FileUtil.createNewFileOrThrow(verifyOut);
try (FileOutputStream outputStream = new FileOutputStream(verifyOut)) {
PrintWriter writer = new PrintWriter(outputStream);
try (OutputStream fileOut = getOutput(verifyOut)) {
PrintWriter writer = new PrintWriter(fileOut);
for (Verification verification : result.getVerifications()) {
// CHECKSTYLE:OFF
writer.println(verification.toString());
@ -145,11 +136,9 @@ public class DecryptCmd extends AbstractSopCmd {
private void writeSessionKeyOut(DecryptionResult result) throws IOException {
if (sessionKeyOut != null) {
FileUtil.createNewFileOrThrow(sessionKeyOut);
try (FileOutputStream outputStream = new FileOutputStream(sessionKeyOut)) {
try (OutputStream outputStream = getOutput(sessionKeyOut)) {
if (!result.getSessionKey().isPresent()) {
String errorMsg = "Session key not extracted. Possibly the feature %s is not supported.";
String errorMsg = getMsg("sop.error.runtime.no_session_key_extracted");
throw new SOPGPException.UnsupportedOption(String.format(errorMsg, OPT_SESSION_KEY_OUT));
} else {
SessionKey sessionKey = result.getSessionKey().get();
@ -160,30 +149,29 @@ public class DecryptCmd extends AbstractSopCmd {
}
}
private void setDecryptWith(List<File> keys, Decrypt decrypt) {
for (File key : keys) {
try (FileInputStream keyIn = new FileInputStream(key)) {
private void setDecryptWith(List<String> keys, Decrypt decrypt) {
for (String key : keys) {
try (InputStream keyIn = getInput(key)) {
decrypt.withKey(keyIn);
} catch (SOPGPException.KeyIsProtected keyIsProtected) {
throw new SOPGPException.KeyIsProtected("Key in file " + key.getAbsolutePath() + " is password protected.", keyIsProtected);
String errorMsg = getMsg("sop.error.runtime.cannot_unlock_key", key);
throw new SOPGPException.KeyIsProtected(errorMsg, keyIsProtected);
} catch (SOPGPException.BadData badData) {
throw new SOPGPException.BadData("File " + key.getAbsolutePath() + " does not contain a private key.", badData);
} catch (FileNotFoundException e) {
throw new SOPGPException.MissingInput(String.format(ERROR_FILE_NOT_EXIST, key.getAbsolutePath()), e);
String errorMsg = getMsg("sop.error.input.not_a_private_key", key);
throw new SOPGPException.BadData(errorMsg, badData);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
private void setVerifyWith(List<File> certs, Decrypt decrypt) {
for (File cert : certs) {
try (FileInputStream certIn = new FileInputStream(cert)) {
private void setVerifyWith(List<String> certs, Decrypt decrypt) {
for (String cert : certs) {
try (InputStream certIn = getInput(cert)) {
decrypt.verifyWithCert(certIn);
} catch (FileNotFoundException e) {
throw new SOPGPException.MissingInput(String.format(ERROR_FILE_NOT_EXIST, cert.getAbsolutePath()), e);
} catch (SOPGPException.BadData badData) {
throw new SOPGPException.BadData("File " + cert.getAbsolutePath() + " does not contain a valid certificate.", badData);
String errorMsg = getMsg("sop.error.input.not_a_certificate", cert);
throw new SOPGPException.BadData(errorMsg, badData);
} catch (IOException ioException) {
throw new RuntimeException(ioException);
}
@ -195,12 +183,13 @@ public class DecryptCmd extends AbstractSopCmd {
for (String sessionKeyFile : withSessionKey) {
String sessionKey;
try {
sessionKey = FileUtil.stringFromInputStream(FileUtil.getFileInputStream(sessionKeyFile));
sessionKey = stringFromInputStream(getInput(sessionKeyFile));
} catch (IOException e) {
throw new RuntimeException(e);
}
if (!sessionKeyPattern.matcher(sessionKey).matches()) {
throw new IllegalArgumentException("Session keys are expected in the format 'ALGONUM:HEXKEY'.");
String errorMsg = getMsg("sop.error.input.malformed_session_key");
throw new IllegalArgumentException(errorMsg);
}
String[] split = sessionKey.split(":");
byte algorithm = (byte) Integer.parseInt(split[0]);
@ -209,7 +198,8 @@ public class DecryptCmd extends AbstractSopCmd {
try {
decrypt.withSessionKey(new SessionKey(algorithm, key));
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, OPT_WITH_SESSION_KEY), unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", OPT_WITH_SESSION_KEY);
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
}
@ -217,10 +207,12 @@ public class DecryptCmd extends AbstractSopCmd {
private void setWithPasswords(List<String> withPassword, Decrypt decrypt) {
for (String passwordFile : withPassword) {
try {
String password = FileUtil.stringFromInputStream(FileUtil.getFileInputStream(passwordFile));
String password = stringFromInputStream(getInput(passwordFile));
decrypt.withPassword(password);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, OPT_WITH_PASSWORD), unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", OPT_WITH_PASSWORD);
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
} catch (IOException e) {
throw new RuntimeException(e);
}
@ -230,10 +222,12 @@ public class DecryptCmd extends AbstractSopCmd {
private void setWithKeyPassword(List<String> withKeyPassword, Decrypt decrypt) {
for (String passwordFile : withKeyPassword) {
try {
String password = FileUtil.stringFromInputStream(FileUtil.getFileInputStream(passwordFile));
String password = stringFromInputStream(getInput(passwordFile));
decrypt.withKeyPassword(password);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, OPT_WITH_KEY_PASSWORD), unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", OPT_WITH_KEY_PASSWORD);
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
} catch (IOException e) {
throw new RuntimeException(e);
}
@ -241,20 +235,22 @@ public class DecryptCmd extends AbstractSopCmd {
}
private void setNotAfter(String notAfter, Decrypt decrypt) {
Date notAfterDate = DateParser.parseNotAfter(notAfter);
Date notAfterDate = parseNotAfter(notAfter);
try {
decrypt.verifyNotAfter(notAfterDate);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, OPT_NOT_AFTER), unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", OPT_NOT_AFTER);
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
private void setNotBefore(String notBefore, Decrypt decrypt) {
Date notBeforeDate = DateParser.parseNotBefore(notBefore);
Date notBeforeDate = parseNotBefore(notBefore);
try {
decrypt.verifyNotBefore(notBeforeDate);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, OPT_NOT_BEFORE), unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", OPT_NOT_BEFORE);
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
}

82
sop-java-picocli/src/main/java/sop/cli/picocli/commands/EncryptCmd.java
View file

@ -4,55 +4,52 @@
package sop.cli.picocli.commands;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import picocli.CommandLine;
import sop.Ready;
import sop.cli.picocli.FileUtil;
import sop.cli.picocli.SopCLI;
import sop.enums.EncryptAs;
import sop.exception.SOPGPException;
import sop.operation.Encrypt;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
@CommandLine.Command(name = "encrypt",
description = "Encrypt a message from standard input",
resourceBundle = "sop",
exitCodeOnInvalidInput = 37)
public class EncryptCmd extends AbstractSopCmd {
@CommandLine.Option(names = "--no-armor",
description = "ASCII armor the output",
descriptionKey = "sop.encrypt.usage.option.armor",
negatable = true)
boolean armor = true;
@CommandLine.Option(names = {"--as"},
description = "Type of the input data. Defaults to 'binary'",
descriptionKey = "sop.encrypt.usage.option.type",
paramLabel = "{binary|text}")
EncryptAs type;
@CommandLine.Option(names = "--with-password",
description = "Encrypt the message with a password provided by the given password file",
descriptionKey = "sop.encrypt.usage.option.with_password",
paramLabel = "PASSWORD")
List<String> withPassword = new ArrayList<>();
@CommandLine.Option(names = "--sign-with",
description = "Sign the output with a private key",
descriptionKey = "sop.encrypt.usage.option.sign_with",
paramLabel = "KEY")
List<File> signWith = new ArrayList<>();
List<String> signWith = new ArrayList<>();
@CommandLine.Option(names = "--with-key-password",
description = "Provide indirect file type pointing at passphrase(s) for secret key(s)",
descriptionKey = "sop.encrypt.usage.option.with_key_password",
paramLabel = "PASSWORD")
List<String> withKeyPassword = new ArrayList<>();
@CommandLine.Parameters(description = "Certificates the message gets encrypted to",
@CommandLine.Parameters(descriptionKey = "sop.encrypt.usage.param.certs",
index = "0..*",
paramLabel = "CERTS")
List<File> certs = new ArrayList<>();
List<String> certs = new ArrayList<>();
@Override
public void run() {
@ -63,20 +60,24 @@ public class EncryptCmd extends AbstractSopCmd {
try {
encrypt.mode(type);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption("Unsupported option '--as'.", unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--as");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
if (withPassword.isEmpty() && certs.isEmpty()) {
throw new SOPGPException.MissingArg("At least one password file or cert file required for encryption.");
String errorMsg = getMsg("sop.error.usage.password_or_cert_required");
throw new SOPGPException.MissingArg(errorMsg);
}
for (String passwordFileName : withPassword) {
try {
String password = FileUtil.stringFromInputStream(FileUtil.getFileInputStream(passwordFileName));
String password = stringFromInputStream(getInput(passwordFileName));
encrypt.withPassword(password);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption("Unsupported option '--with-password'.", unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--with-password");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
} catch (IOException e) {
throw new RuntimeException(e);
}
@ -84,46 +85,51 @@ public class EncryptCmd extends AbstractSopCmd {
for (String passwordFileName : withKeyPassword) {
try {
String password = FileUtil.stringFromInputStream(FileUtil.getFileInputStream(passwordFileName));
String password = stringFromInputStream(getInput(passwordFileName));
encrypt.withKeyPassword(password);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption("Unsupported option '--with-key-password'.", unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--with-key-password");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
for (File keyFile : signWith) {
try (FileInputStream keyIn = new FileInputStream(keyFile)) {
for (String keyInput : signWith) {
try (InputStream keyIn = getInput(keyInput)) {
encrypt.signWith(keyIn);
} catch (FileNotFoundException e) {
throw new SOPGPException.MissingInput("Key file " + keyFile.getAbsolutePath() + " not found.", e);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (SOPGPException.KeyIsProtected keyIsProtected) {
throw new SOPGPException.KeyIsProtected("Key from " + keyFile.getAbsolutePath() + " is password protected.", keyIsProtected);
String errorMsg = getMsg("sop.error.runtime.cannot_unlock_key", keyInput);
throw new SOPGPException.KeyIsProtected(errorMsg, keyIsProtected);
} catch (SOPGPException.UnsupportedAsymmetricAlgo unsupportedAsymmetricAlgo) {
throw new SOPGPException.UnsupportedAsymmetricAlgo("Key from " + keyFile.getAbsolutePath() + " has unsupported asymmetric algorithm.", unsupportedAsymmetricAlgo);
String errorMsg = getMsg("sop.error.runtime.key_uses_unsupported_asymmetric_algorithm", keyInput);
throw new SOPGPException.UnsupportedAsymmetricAlgo(errorMsg, unsupportedAsymmetricAlgo);
} catch (SOPGPException.KeyCannotSign keyCannotSign) {
throw new SOPGPException.KeyCannotSign("Key from " + keyFile.getAbsolutePath() + " cannot sign.", keyCannotSign);
String errorMsg = getMsg("sop.error.runtime.key_cannot_sign", keyInput);
throw new SOPGPException.KeyCannotSign(errorMsg, keyCannotSign);
} catch (SOPGPException.BadData badData) {
throw new SOPGPException.BadData("Key file " + keyFile.getAbsolutePath() + " does not contain a valid OpenPGP private key.", badData);
String errorMsg = getMsg("sop.error.input.not_a_private_key", keyInput);
throw new SOPGPException.BadData(errorMsg, badData);
}
}
for (File certFile : certs) {
try (FileInputStream certIn = new FileInputStream(certFile)) {
for (String certInput : certs) {
try (InputStream certIn = getInput(certInput)) {
encrypt.withCert(certIn);
} catch (FileNotFoundException e) {
throw new SOPGPException.MissingInput("Certificate file " + certFile.getAbsolutePath() + " not found.", e);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (SOPGPException.UnsupportedAsymmetricAlgo unsupportedAsymmetricAlgo) {
throw new SOPGPException.UnsupportedAsymmetricAlgo("Certificate from " + certFile.getAbsolutePath() + " has unsupported asymmetric algorithm.", unsupportedAsymmetricAlgo);
String errorMsg = getMsg("sop.error.runtime.cert_uses_unsupported_asymmetric_algorithm", certInput);
throw new SOPGPException.UnsupportedAsymmetricAlgo(errorMsg, unsupportedAsymmetricAlgo);
} catch (SOPGPException.CertCannotEncrypt certCannotEncrypt) {
throw new SOPGPException.CertCannotEncrypt("Certificate from " + certFile.getAbsolutePath() + " is not capable of encryption.", certCannotEncrypt);
String errorMsg = getMsg("sop.error.runtime.cert_cannot_encrypt", certInput);
throw new SOPGPException.CertCannotEncrypt(errorMsg, certCannotEncrypt);
} catch (SOPGPException.BadData badData) {
throw new SOPGPException.BadData("Certificate file " + certFile.getAbsolutePath() + " does not contain a valid OpenPGP certificate.", badData);
String errorMsg = getMsg("sop.error.input.not_a_certificate", certInput);
throw new SOPGPException.BadData(errorMsg, badData);
}
}

7
sop-java-picocli/src/main/java/sop/cli/picocli/commands/ExtractCertCmd.java
View file

@ -13,12 +13,12 @@ import sop.exception.SOPGPException;
import sop.operation.ExtractCert;
@CommandLine.Command(name = "extract-cert",
description = "Extract a public key certificate from a secret key from standard input",
resourceBundle = "sop",
exitCodeOnInvalidInput = 37)
public class ExtractCertCmd extends AbstractSopCmd {
@CommandLine.Option(names = "--no-armor",
description = "ASCII armor the output",
descriptionKey = "sop.extract-cert.usage.option.armor",
negatable = true)
boolean armor = true;
@ -37,7 +37,8 @@ public class ExtractCertCmd extends AbstractSopCmd {
} catch (IOException e) {
throw new RuntimeException(e);
} catch (SOPGPException.BadData badData) {
throw new SOPGPException.BadData("Standard Input does not contain valid OpenPGP private key material.", badData);
String errorMsg = getMsg("sop.error.input.stdin_not_a_private_key");
throw new SOPGPException.BadData(errorMsg, badData);
}
}
}

35
sop-java-picocli/src/main/java/sop/cli/picocli/commands/GenerateKeyCmd.java
View file

@ -4,33 +4,31 @@
package sop.cli.picocli.commands;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import picocli.CommandLine;
import sop.Ready;
import sop.cli.picocli.FileUtil;
import sop.cli.picocli.Print;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.GenerateKey;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
@CommandLine.Command(name = "generate-key",
description = "Generate a secret key",
resourceBundle = "sop",
exitCodeOnInvalidInput = 37)
public class GenerateKeyCmd extends AbstractSopCmd {
@CommandLine.Option(names = "--no-armor",
description = "ASCII armor the output",
descriptionKey = "sop.generate-key.usage.option.armor",
negatable = true)
boolean armor = true;
@CommandLine.Parameters(description = "User-ID, eg. \"Alice <alice@example.com>\"")
@CommandLine.Parameters(descriptionKey = "sop.generate-key.usage.option.user_id")
List<String> userId = new ArrayList<>();
@CommandLine.Option(names = "--with-key-password",
description = "Indirect file type pointing to file containing password to protect the key",
descriptionKey = "sop.generate-key.usage.option.with_key_password",
paramLabel = "PASSWORD")
String withKeyPassword;
@ -49,10 +47,11 @@ public class GenerateKeyCmd extends AbstractSopCmd {
if (withKeyPassword != null) {
try {
String password = FileUtil.stringFromInputStream(FileUtil.getFileInputStream(withKeyPassword));
String password = stringFromInputStream(getInput(withKeyPassword));
generateKey.withKeyPassword(password);
} catch (SOPGPException.UnsupportedOption e) {
throw new SOPGPException.UnsupportedOption("Option '--with-key-password' is not supported.");
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--with-key-password");
throw new SOPGPException.UnsupportedOption(errorMsg, e);
} catch (IOException e) {
throw new RuntimeException(e);
}
@ -61,18 +60,8 @@ public class GenerateKeyCmd extends AbstractSopCmd {
try {
Ready ready = generateKey.generate();
ready.writeTo(System.out);
} catch (SOPGPException.MissingArg missingArg) {
Print.errln("Missing argument.");
Print.trace(missingArg);
System.exit(missingArg.getExitCode());
} catch (SOPGPException.UnsupportedAsymmetricAlgo unsupportedAsymmetricAlgo) {
Print.errln("Unsupported asymmetric algorithm.");
Print.trace(unsupportedAsymmetricAlgo);
System.exit(unsupportedAsymmetricAlgo.getExitCode());
} catch (IOException e) {
Print.errln("IO Error.");
Print.trace(e);
System.exit(1);
throw new RuntimeException(e);
}
}
}

22
sop-java-picocli/src/main/java/sop/cli/picocli/commands/InlineDetachCmd.java
View file

@ -4,29 +4,28 @@
package sop.cli.picocli.commands;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import picocli.CommandLine;
import sop.Signatures;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.InlineDetach;
import java.io.IOException;
import java.io.OutputStream;
@CommandLine.Command(name = "inline-detach",
description = "Split a clearsigned message",
resourceBundle = "sop",
exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
public class InlineDetachCmd extends AbstractSopCmd {
@CommandLine.Option(
names = {"--signatures-out"},
description = "Destination to which a detached signatures block will be written",
descriptionKey = "sop.inline-detach.usage.option.signatures_out",
paramLabel = "SIGNATURES")
File signaturesOut;
String signaturesOut;
@CommandLine.Option(names = "--no-armor",
description = "ASCII armor the output",
descriptionKey = "sop.inline-detach.usage.option.armor",
negatable = true)
boolean armor = true;
@ -35,18 +34,17 @@ public class InlineDetachCmd extends AbstractSopCmd {
InlineDetach inlineDetach = throwIfUnsupportedSubcommand(
SopCLI.getSop().inlineDetach(), "inline-detach");
throwIfOutputExists(signaturesOut, "--signatures-out");
throwIfOutputExists(signaturesOut);
throwIfMissingArg(signaturesOut, "--signatures-out");
if (!armor) {
inlineDetach.noArmor();
}
try {
try (OutputStream outputStream = getOutput(signaturesOut)) {
Signatures signatures = inlineDetach
.message(System.in).writeTo(System.out);
signaturesOut.createNewFile();
signatures.writeTo(new FileOutputStream(signaturesOut));
signatures.writeTo(outputStream);
} catch (IOException e) {
throw new RuntimeException(e);
}

76
sop-java-picocli/src/main/java/sop/cli/picocli/commands/InlineSignCmd.java
View file

@ -8,99 +8,90 @@ import picocli.CommandLine;
import sop.MicAlg;
import sop.ReadyWithResult;
import sop.SigningResult;
import sop.cli.picocli.FileUtil;
import sop.cli.picocli.Print;
import sop.cli.picocli.SopCLI;
import sop.enums.InlineSignAs;
import sop.exception.SOPGPException;
import sop.operation.InlineSign;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;
@CommandLine.Command(name = "inline-sign",
description = "Create an inline-signed message from data on standard input",
resourceBundle = "sop",
exitCodeOnInvalidInput = 37)
public class InlineSignCmd extends AbstractSopCmd {
@CommandLine.Option(names = "--no-armor",
description = "ASCII armor the output",
descriptionKey = "sop.inline-sign.usage.option.armor",
negatable = true)
boolean armor = true;
@CommandLine.Option(names = "--as", description = "Defaults to 'binary'. If '--as=text' and the input data is not valid UTF-8, inline-sign fails with return code 53.",
@CommandLine.Option(names = "--as",
descriptionKey = "sop.inline-sign.usage.option.as",
paramLabel = "{binary|text|cleartextsigned}")
InlineSignAs type;
@CommandLine.Parameters(description = "Secret keys used for signing",
@CommandLine.Parameters(descriptionKey = "sop.inline-sign.usage.parameter.keys",
paramLabel = "KEYS")
List<File> secretKeyFile = new ArrayList<>();
List<String> secretKeyFile = new ArrayList<>();
@CommandLine.Option(names = "--with-key-password", description = "Password(s) to unlock the secret key(s) with",
@CommandLine.Option(names = "--with-key-password",
descriptionKey = "sop.inline-sign.usage.option.with_key_password",
paramLabel = "PASSWORD")
List<String> withKeyPassword = new ArrayList<>();
@CommandLine.Option(names = "--micalg-out", description = "Emits the digest algorithm used to the specified file in a way that can be used to populate the micalg parameter for the PGP/MIME Content-Type (RFC3156)",
@CommandLine.Option(names = "--micalg-out",
descriptionKey = "sop.inline-sign.usage.option.micalg",
paramLabel = "MICALG")
File micAlgOut;
String micAlgOut;
@Override
public void run() {
InlineSign inlineSign = throwIfUnsupportedSubcommand(
SopCLI.getSop().inlineSign(), "inline-sign");
throwIfOutputExists(micAlgOut, "--micalg-out");
throwIfOutputExists(micAlgOut);
if (type != null) {
try {
inlineSign.mode(type);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
Print.errln("Unsupported option '--as'");
Print.trace(unsupportedOption);
System.exit(unsupportedOption.getExitCode());
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--as");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
if (secretKeyFile.isEmpty()) {
Print.errln("Missing required parameter 'KEYS'.");
System.exit(19);
String errorMsg = getMsg("sop.error.usage.parameter_required", "KEYS");
throw new SOPGPException.MissingArg(errorMsg);
}
for (String passwordFile : withKeyPassword) {
try {
String password = FileUtil.stringFromInputStream(FileUtil.getFileInputStream(passwordFile));
String password = stringFromInputStream(getInput(passwordFile));
inlineSign.withKeyPassword(password);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--with-key-password"), unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--with-key-password");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
for (File keyFile : secretKeyFile) {
try (FileInputStream keyIn = new FileInputStream(keyFile)) {
for (String keyInput : secretKeyFile) {
try (InputStream keyIn = getInput(keyInput)) {
inlineSign.key(keyIn);
} catch (FileNotFoundException e) {
Print.errln("File " + keyFile.getAbsolutePath() + " does not exist.");
Print.trace(e);
System.exit(1);
} catch (IOException e) {
Print.errln("Cannot access file " + keyFile.getAbsolutePath());
Print.trace(e);
System.exit(1);
throw new RuntimeException(e);
} catch (SOPGPException.KeyIsProtected e) {
Print.errln("Key " + keyFile.getName() + " is password protected.");
Print.trace(e);
System.exit(1);
String errorMsg = getMsg("sop.error.runtime.cannot_unlock_key", keyInput);
throw new SOPGPException.KeyIsProtected(errorMsg, e);
} catch (SOPGPException.BadData badData) {
Print.errln("Bad data in key file " + keyFile.getAbsolutePath() + ":");
Print.trace(badData);
System.exit(badData.getExitCode());
String errorMsg = getMsg("sop.error.input.not_a_private_key", keyInput);
throw new SOPGPException.BadData(errorMsg, badData);
}
}
@ -115,19 +106,12 @@ public class InlineSignCmd extends AbstractSopCmd {
MicAlg micAlg = result.getMicAlg();
if (micAlgOut != null) {
// Write micalg out
micAlgOut.createNewFile();
FileOutputStream micAlgOutStream = new FileOutputStream(micAlgOut);
OutputStream micAlgOutStream = getOutput(micAlgOut);
micAlg.writeTo(micAlgOutStream);
micAlgOutStream.close();
}
} catch (IOException e) {
Print.errln("IO Error.");
Print.trace(e);
System.exit(1);
} catch (SOPGPException.ExpectedText expectedText) {
Print.errln("Expected text input, but got binary data.");
Print.trace(expectedText);
System.exit(expectedText.getExitCode());
throw new RuntimeException(e);
}
}
}

82
sop-java-picocli/src/main/java/sop/cli/picocli/commands/InlineVerifyCmd.java
View file

@ -7,91 +7,76 @@ package sop.cli.picocli.commands;
import picocli.CommandLine;
import sop.ReadyWithResult;
import sop.Verification;
import sop.cli.picocli.DateParser;
import sop.cli.picocli.Print;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.InlineVerify;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
@CommandLine.Command(name = "inline-verify",
description = "Verify inline-signed data from standard input",
resourceBundle = "sop",
exitCodeOnInvalidInput = 37)
public class InlineVerifyCmd extends AbstractSopCmd {
@CommandLine.Parameters(arity = "1..*",
description = "Public key certificates",
descriptionKey = "sop.inline-verify.usage.parameter.certs",
paramLabel = "CERT")
List<File> certificates = new ArrayList<>();
List<String> certificates = new ArrayList<>();
@CommandLine.Option(names = {"--not-before"},
description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
"Reject signatures with a creation date not in range.\n" +
"Defaults to beginning of time (\"-\").",
descriptionKey = "sop.inline-verify.usage.option.not_before",
paramLabel = "DATE")
String notBefore = "-";
@CommandLine.Option(names = {"--not-after"},
description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
"Reject signatures with a creation date not in range.\n" +
"Defaults to current system time (\"now\").\n" +
"Accepts special value \"-\" for end of time.",
descriptionKey = "sop.inline-verify.usage.option.not_after",
paramLabel = "DATE")
String notAfter = "now";
@CommandLine.Option(names = "--verifications-out",
description = "File to write details over successful verifications to")
File verificationsOut;
descriptionKey = "sop.inline-verify.usage.option.verifications_out")
String verificationsOut;
@Override
public void run() {
InlineVerify inlineVerify = throwIfUnsupportedSubcommand(
SopCLI.getSop().inlineVerify(), "inline-verify");
throwIfOutputExists(verificationsOut, "--verifications-out");
throwIfOutputExists(verificationsOut);
if (notAfter != null) {
try {
inlineVerify.notAfter(DateParser.parseNotAfter(notAfter));
inlineVerify.notAfter(parseNotAfter(notAfter));
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
Print.errln("Unsupported option '--not-after'.");
Print.trace(unsupportedOption);
System.exit(unsupportedOption.getExitCode());
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--not-after");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
if (notBefore != null) {
try {
inlineVerify.notBefore(DateParser.parseNotBefore(notBefore));
inlineVerify.notBefore(parseNotBefore(notBefore));
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
Print.errln("Unsupported option '--not-before'.");
Print.trace(unsupportedOption);
System.exit(unsupportedOption.getExitCode());
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--not-before");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
for (File certFile : certificates) {
try (FileInputStream certIn = new FileInputStream(certFile)) {
for (String certInput : certificates) {
try (InputStream certIn = getInput(certInput)) {
inlineVerify.cert(certIn);
} catch (FileNotFoundException fileNotFoundException) {
Print.errln("Certificate file " + certFile.getAbsolutePath() + " not found.");
Print.trace(fileNotFoundException);
System.exit(1);
} catch (IOException ioException) {
Print.errln("IO Error.");
Print.trace(ioException);
System.exit(1);
throw new RuntimeException(ioException);
} catch (SOPGPException.UnsupportedAsymmetricAlgo unsupportedAsymmetricAlgo) {
String errorMsg = getMsg("sop.error.runtime.cert_uses_unsupported_asymmetric_algorithm", certInput);
throw new SOPGPException.UnsupportedAsymmetricAlgo(errorMsg, unsupportedAsymmetricAlgo);
} catch (SOPGPException.BadData badData) {
Print.errln("Certificate file " + certFile.getAbsolutePath() + " appears to not contain a valid OpenPGP certificate.");
Print.trace(badData);
System.exit(badData.getExitCode());
String errorMsg = getMsg("sop.error.input.not_a_certificate", certInput);
throw new SOPGPException.BadData(errorMsg, badData);
}
}
@ -100,23 +85,18 @@ public class InlineVerifyCmd extends AbstractSopCmd {
ReadyWithResult<List<Verification>> ready = inlineVerify.data(System.in);
verifications = ready.writeTo(System.out);
} catch (SOPGPException.NoSignature e) {
Print.errln("No verifiable signature found.");
Print.trace(e);
System.exit(e.getExitCode());
String errorMsg = getMsg("sop.error.runtime.no_verifiable_signature_found");
throw new SOPGPException.NoSignature(errorMsg, e);
} catch (IOException ioException) {
Print.errln("IO Error.");
Print.trace(ioException);
System.exit(1);
throw new RuntimeException(ioException);
} catch (SOPGPException.BadData badData) {
Print.errln("Standard Input appears not to contain a valid OpenPGP message.");
Print.trace(badData);
System.exit(badData.getExitCode());
String errorMsg = getMsg("sop.error.input.stdin_not_a_message");
throw new SOPGPException.BadData(errorMsg, badData);
}
if (verificationsOut != null) {
try {
verificationsOut.createNewFile();
PrintWriter pw = new PrintWriter(verificationsOut);
try (OutputStream outputStream = getOutput(verificationsOut)) {
PrintWriter pw = new PrintWriter(outputStream);
for (Verification verification : verifications) {
// CHECKSTYLE:OFF
pw.println(verification);

102
sop-java-picocli/src/main/java/sop/cli/picocli/commands/SignCmd.java
View file

@ -4,126 +4,110 @@
package sop.cli.picocli.commands;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import picocli.CommandLine;
import sop.MicAlg;
import sop.ReadyWithResult;
import sop.SigningResult;
import sop.cli.picocli.FileUtil;
import sop.cli.picocli.Print;
import sop.cli.picocli.SopCLI;
import sop.enums.SignAs;
import sop.exception.SOPGPException;
import sop.operation.Sign;
import sop.operation.DetachedSign;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;
@CommandLine.Command(name = "sign",
description = "Create a detached signature on the data from standard input",
resourceBundle = "sop",
exitCodeOnInvalidInput = 37)
public class SignCmd extends AbstractSopCmd {
@CommandLine.Option(names = "--no-armor",
description = "ASCII armor the output",
descriptionKey = "sop.sign.usage.option.armor",
negatable = true)
boolean armor = true;
@CommandLine.Option(names = "--as", description = "Defaults to 'binary'. If '--as=text' and the input data is not valid UTF-8, sign fails with return code 53.",
@CommandLine.Option(names = "--as",
descriptionKey = "sop.sign.usage.option.as",
paramLabel = "{binary|text}")
SignAs type;
@CommandLine.Parameters(description = "Secret keys used for signing",
@CommandLine.Parameters(descriptionKey = "sop.sign.usage.parameter.keys",
paramLabel = "KEYS")
List<File> secretKeyFile = new ArrayList<>();
List<String> secretKeyFile = new ArrayList<>();
@CommandLine.Option(names = "--with-key-password", description = "Password(s) to unlock the secret key(s) with",
@CommandLine.Option(names = "--with-key-password",
descriptionKey = "sop.sign.usage.option.with_key_password",
paramLabel = "PASSWORD")
List<String> withKeyPassword = new ArrayList<>();
@CommandLine.Option(names = "--micalg-out", description = "Emits the digest algorithm used to the specified file in a way that can be used to populate the micalg parameter for the PGP/MIME Content-Type (RFC3156)",
@CommandLine.Option(names = "--micalg-out",
descriptionKey = "sop.sign.usage.option.micalg_out",
paramLabel = "MICALG")
File micAlgOut;
String micAlgOut;
@Override
public void run() {
Sign sign = throwIfUnsupportedSubcommand(
SopCLI.getSop().sign(), "sign");
DetachedSign detachedSign = throwIfUnsupportedSubcommand(
SopCLI.getSop().detachedSign(), "sign");
throwIfOutputExists(micAlgOut, "--micalg-out");
throwIfOutputExists(micAlgOut);
throwIfEmptyParameters(secretKeyFile, "KEYS");
if (type != null) {
try {
sign.mode(type);
detachedSign.mode(type);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
Print.errln("Unsupported option '--as'");
Print.trace(unsupportedOption);
System.exit(unsupportedOption.getExitCode());
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--as");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
for (String passwordFile : withKeyPassword) {
try {
String password = FileUtil.stringFromInputStream(FileUtil.getFileInputStream(passwordFile));
sign.withKeyPassword(password);
String password = stringFromInputStream(getInput(passwordFile));
detachedSign.withKeyPassword(password);
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--with-key-password"), unsupportedOption);
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--with-key-password");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
for (File keyFile : secretKeyFile) {
try (FileInputStream keyIn = new FileInputStream(keyFile)) {
sign.key(keyIn);
} catch (FileNotFoundException e) {
Print.errln("File " + keyFile.getAbsolutePath() + " does not exist.");
Print.trace(e);
System.exit(1);
for (String keyInput : secretKeyFile) {
try (InputStream keyIn = getInput(keyInput)) {
detachedSign.key(keyIn);
} catch (IOException e) {
Print.errln("Cannot access file " + keyFile.getAbsolutePath());
Print.trace(e);
System.exit(1);
} catch (SOPGPException.KeyIsProtected e) {
Print.errln("Key " + keyFile.getName() + " is password protected.");
Print.trace(e);
System.exit(1);
throw new RuntimeException(e);
} catch (SOPGPException.KeyIsProtected keyIsProtected) {
String errorMsg = getMsg("sop.error.runtime.cannot_unlock_key", keyInput);
throw new SOPGPException.KeyIsProtected(errorMsg, keyIsProtected);
} catch (SOPGPException.BadData badData) {
Print.errln("Bad data in key file " + keyFile.getAbsolutePath() + ":");
Print.trace(badData);
System.exit(badData.getExitCode());
String errorMsg = getMsg("sop.error.input.not_a_private_key", keyInput);
throw new SOPGPException.BadData(errorMsg, badData);
}
}
if (!armor) {
sign.noArmor();
detachedSign.noArmor();
}
try {
ReadyWithResult<SigningResult> ready = sign.data(System.in);
ReadyWithResult<SigningResult> ready = detachedSign.data(System.in);
SigningResult result = ready.writeTo(System.out);
MicAlg micAlg = result.getMicAlg();
if (micAlgOut != null) {
// Write micalg out
micAlgOut.createNewFile();
FileOutputStream micAlgOutStream = new FileOutputStream(micAlgOut);
micAlg.writeTo(micAlgOutStream);
micAlgOutStream.close();
OutputStream outputStream = getOutput(micAlgOut);
micAlg.writeTo(outputStream);
outputStream.close();
}
} catch (IOException e) {
Print.errln("IO Error.");
Print.trace(e);
System.exit(1);
} catch (SOPGPException.ExpectedText expectedText) {
Print.errln("Expected text input, but got binary data.");
Print.trace(expectedText);
System.exit(expectedText.getExitCode());
throw new RuntimeException(e);
}
}
}

108
sop-java-picocli/src/main/java/sop/cli/picocli/commands/VerifyCmd.java
View file

@ -4,129 +4,101 @@
package sop.cli.picocli.commands;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import picocli.CommandLine;
import sop.Verification;
import sop.cli.picocli.DateParser;
import sop.cli.picocli.Print;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.Verify;
import sop.operation.DetachedVerify;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
@CommandLine.Command(name = "verify",
description = "Verify a detached signature over the data from standard input",
resourceBundle = "sop",
exitCodeOnInvalidInput = 37)
public class VerifyCmd extends AbstractSopCmd {
@CommandLine.Parameters(index = "0",
description = "Detached signature",
descriptionKey = "sop.verify.usage.parameter.signature",
paramLabel = "SIGNATURE")
File signature;
String signature;
@CommandLine.Parameters(index = "0..*",
arity = "1..*",
description = "Public key certificates",
descriptionKey = "sop.verify.usage.parameter.certs",
paramLabel = "CERT")
List<File> certificates = new ArrayList<>();
List<String> certificates = new ArrayList<>();
@CommandLine.Option(names = {"--not-before"},
description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
"Reject signatures with a creation date not in range.\n" +
"Defaults to beginning of time (\"-\").",
descriptionKey = "sop.verify.usage.option.not_before",
paramLabel = "DATE")
String notBefore = "-";
@CommandLine.Option(names = {"--not-after"},
description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
"Reject signatures with a creation date not in range.\n" +
"Defaults to current system time (\"now\").\n" +
"Accepts special value \"-\" for end of time.",
descriptionKey = "sop.verify.usage.option.not_after",
paramLabel = "DATE")
String notAfter = "now";
@Override
public void run() {
Verify verify = throwIfUnsupportedSubcommand(
SopCLI.getSop().verify(), "verify");
DetachedVerify detachedVerify = throwIfUnsupportedSubcommand(
SopCLI.getSop().detachedVerify(), "verify");
if (notAfter != null) {
try {
verify.notAfter(DateParser.parseNotAfter(notAfter));
detachedVerify.notAfter(parseNotAfter(notAfter));
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
Print.errln("Unsupported option '--not-after'.");
Print.trace(unsupportedOption);
System.exit(unsupportedOption.getExitCode());
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--not-after");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
if (notBefore != null) {
try {
verify.notBefore(DateParser.parseNotBefore(notBefore));
detachedVerify.notBefore(parseNotBefore(notBefore));
} catch (SOPGPException.UnsupportedOption unsupportedOption) {
Print.errln("Unsupported option '--not-before'.");
Print.trace(unsupportedOption);
System.exit(unsupportedOption.getExitCode());
String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--not-before");
throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
}
}
for (File certFile : certificates) {
try (FileInputStream certIn = new FileInputStream(certFile)) {
verify.cert(certIn);
} catch (FileNotFoundException fileNotFoundException) {
Print.errln("Certificate file " + certFile.getAbsolutePath() + " not found.");
Print.trace(fileNotFoundException);
System.exit(1);
for (String certInput : certificates) {
try (InputStream certIn = getInput(certInput)) {
detachedVerify.cert(certIn);
} catch (IOException ioException) {
Print.errln("IO Error.");
Print.trace(ioException);
System.exit(1);
throw new RuntimeException(ioException);
} catch (SOPGPException.BadData badData) {
Print.errln("Certificate file " + certFile.getAbsolutePath() + " appears to not contain a valid OpenPGP certificate.");
Print.trace(badData);
System.exit(badData.getExitCode());
String errorMsg = getMsg("sop.error.input.not_a_certificate", certInput);
throw new SOPGPException.BadData(errorMsg, badData);
}
}
if (signature != null) {
try (FileInputStream sigIn = new FileInputStream(signature)) {
verify.signatures(sigIn);
} catch (FileNotFoundException e) {
Print.errln("Signature file " + signature.getAbsolutePath() + " does not exist.");
Print.trace(e);
System.exit(1);
try (InputStream sigIn = getInput(signature)) {
detachedVerify.signatures(sigIn);
} catch (IOException e) {
Print.errln("IO Error.");
Print.trace(e);
System.exit(1);
throw new RuntimeException(e);
} catch (SOPGPException.BadData badData) {
Print.errln("File " + signature.getAbsolutePath() + " does not contain a valid OpenPGP signature.");
Print.trace(badData);
System.exit(badData.getExitCode());
String errorMsg = getMsg("sop.error.input.not_a_signature", signature);
throw new SOPGPException.BadData(errorMsg, badData);
}
}
List<Verification> verifications = null;
List<Verification> verifications;
try {
verifications = verify.data(System.in);
verifications = detachedVerify.data(System.in);
} catch (SOPGPException.NoSignature e) {
Print.errln("No verifiable signature found.");
Print.trace(e);
System.exit(e.getExitCode());
String errorMsg = getMsg("sop.error.runtime.no_verifiable_signature_found");
throw new SOPGPException.NoSignature(errorMsg, e);
} catch (IOException ioException) {
Print.errln("IO Error.");
Print.trace(ioException);
System.exit(1);
throw new RuntimeException(ioException);
} catch (SOPGPException.BadData badData) {
Print.errln("Standard Input appears not to contain a valid OpenPGP message.");
Print.trace(badData);
System.exit(badData.getExitCode());
String errorMsg = getMsg("sop.error.input.stdin_not_a_message");
throw new SOPGPException.BadData(errorMsg, badData);
}
for (Verification verification : verifications) {
Print.outln(verification.toString());
}

8
sop-java-picocli/src/main/java/sop/cli/picocli/commands/VersionCmd.java
View file

@ -9,7 +9,7 @@ import sop.cli.picocli.Print;
import sop.cli.picocli.SopCLI;
import sop.operation.Version;
@CommandLine.Command(name = "version", description = "Display version information about the tool",
@CommandLine.Command(name = "version", resourceBundle = "sop",
exitCodeOnInvalidInput = 37)
public class VersionCmd extends AbstractSopCmd {
@ -17,10 +17,12 @@ public class VersionCmd extends AbstractSopCmd {
Exclusive exclusive;
static class Exclusive {
@CommandLine.Option(names = "--extended", description = "Print an extended version string.")
@CommandLine.Option(names = "--extended",
descriptionKey = "sop.version.usage.option.extended")
boolean extended;
@CommandLine.Option(names = "--backend", description = "Print information about the cryptographic backend.")
@CommandLine.Option(names = "--backend",
descriptionKey = "sop.version.usage.option.backend")
boolean backend;
}

157
sop-java-picocli/src/main/resources/sop.properties Normal file
View file

@ -0,0 +1,157 @@
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
#
# SPDX-License-Identifier: Apache-2.0
sop.name=sop
usage.header=Stateless OpenPGP Protocol
usage.footerHeading=Powered by picocli%n
sop.locale=Locale for description texts
# Generic
usage.synopsisHeading=Usage:\u0020
usage.commandListHeading = %nCommands:%n
# Exit Codes
usage.exitCodeListHeading=%nExit Codes:%n
usage.exitCodeList.0=\u00200:Successful program execution.
usage.exitCodeList.1=\u00201:Generic program error
usage.exitCodeList.2=\u00203:Verification requested but no verifiable signature found
usage.exitCodeList.3=13:Unsupported asymmetric algorithm
usage.exitCodeList.4=17:Certificate is not encryption capable
usage.exitCodeList.5=19:Usage error: Missing argument
usage.exitCodeList.6=23:Incomplete verification instructions
usage.exitCodeList.7=29:Unable to decrypt
usage.exitCodeList.8=31:Password is not human-readable
usage.exitCodeList.9=37:Unsupported Option
usage.exitCodeList.10=41:Invalid data or data of wrong type encountered
usage.exitCodeList.11=53:Non-text input received where text was expected
usage.exitCodeList.12=59:Output file already exists
usage.exitCodeList.13=61:Input file does not exist
usage.exitCodeList.14=67:Cannot unlock password protected secret key
usage.exitCodeList.15=69:Unsupported subcommand
usage.exitCodeList.16=71:Unsupported special prefix (e.g. \"@env/@fd\") of indirect parameter
usage.exitCodeList.17=73:Ambiguous input (a filename matching the designator already exists)
usage.exitCodeList.18=79:Key is not signing capable
# Subcommands
sop.armor.usage.header=Add ASCII Armor to standard input
sop.armor.usage.option.label=Label to be used in the header and tail of the armoring
sop.dearmor.usage.header=Remove ASCII Armor from standard input
sop.decrypt.usage.header=Decrypt a message from standard input
sop.decrypt.usage.option.session_key_out=Can be used to learn the session key on successful decryption
sop.decrypt.usage.option.with_session_key.0=Symmetric message key (session key).
sop.decrypt.usage.option.with_session_key.1=Enables decryption of the "CIPHERTEXT" using the session key directly against the "SEIPD" packet.
sop.decrypt.usage.option.with_session_key.2=Is an INDIRECT data type (eg. file, environment variable, file descriptor...)
sop.decrypt.usage.option.with_password.0=Symmetric passphrase to decrypt the message with.
sop.decrypt.usage.option.with_password.1=Enables decryption based on any "SKESK" packets in the "CIPHERTEXT".
sop.decrypt.usage.option.with_password_2=Is an INDIRECT data type (eg. file, environment variable, file descriptor...)
sop.decrypt.usage.option.verify_out=Emits signature verification status to the designated output
sop.decrypt.usage.option.certs=Certificates for signature verification
sop.decrypt.usage.option.not_before.0=ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)
sop.decrypt.usage.option.not_before.1=Reject signatures with a creation date not in range.
sop.decrypt.usage.option.not_before.2=Defaults to beginning of time ('-').
sop.decrypt.usage.option.not_after.0=ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)
sop.decrypt.usage.option.not_after.1=Reject signatures with a creation date not in range.
sop.decrypt.usage.option.not_after.2=Defaults to current system time ('now').
sop.decrypt.usage.option.not_after.3=Accepts special value '-' for end of time.
sop.decrypt.usage.option.with_key_password.0=Passphrase to unlock the secret key(s).
sop.decrypt.usage.option.with_key_password.1=Is an INDIRECT data type (eg. file, environment variable, file descriptor...).
sop.decrypt.usage.param.keys=Secret keys to attempt decryption with
sop.encrypt.usage.header=Encrypt a message from standard input
sop.encrypt.usage.option.armor=ASCII armor the output
sop.encrypt.usage.option.type=Type of the input data. Defaults to 'binary'
sop.encrypt.usage.option.with_password.0=Encrypt the message with a password.
sop.encrypt.usage.option.with_password.1=Is an INDIRECT data type (eg. file, environment variable, file descriptor...)
sop.encrypt.usage.option.sign_with=Sign the output with a private key
sop.encrypt.usage.option.with_key_password.0=Passphrase to unlock the secret key(s).
sop.encrypt.usage.option.with_key_password.1=Is an INDIRECT data type (eg. file, environment variable, file descriptor...).
sop.encrypt.usage.param.certs=Certificates the message gets encrypted to
sop.extract-cert.usage.header=Extract a public key certificate from a secret key from standard input
sop.extract-cert.usage.option.armor=ASCII armor the output
sop.generate-key.usage.header=Generate a secret key
sop.generate-key.usage.option.armor=ASCII armor the output
sop.generate-key.usage.option.user_id=User-ID, eg. "Alice <alice@example.com>"
sop.generate-key.usage.option.with_key_password.0=Password to protect the private key with
sop.generate-key.usage.option.with_key_password.1=Is an INDIRECT data type (eg. file, environment variable, file descriptor...).
sop.inline-detach.usage.header=Split signatures from a clearsigned message
sop.inline-detach.usage.option.armor=ASCII armor the output
sop.inline-detach.usage.option.signatures_out=Destination to which a detached signatures block will be written
sop.inline-sign.usage.header=Create an inline-signed message from data on standard input
sop.inline-sign.usage.option.armor=ASCII armor the output
sop.inline-sign.usage.option.as.0=Specify the signature format of the signed message
sop.inline-sign.usage.option.as.1='text' and 'binary' will produce inline-signed messages.
sop.inline-sign.usage.option.as.2='cleartextsigned' will make use of the cleartext signature framework.
sop.inline-sign.usage.option.as.3=Defaults to 'binary'.
sop.inline-sign.usage.option.as.4=If '--as=text' and the input data is not valid UTF-8, inline-sign fails with return code 53.
sop.inline-sign.usage.option.with_key_password.0=Passphrase to unlock the secret key(s).
sop.inline-sign.usage.option.with_key_password.1=Is an INDIRECT data type (eg. file, environment variable, file descriptor...).
sop.inline-sign.usage.option.micalg=Emits the digest algorithm used to the specified file in a way that can be used to populate the micalg parameter for the PGP/MIME Content-Type (RFC3156)
sop.inline-sign.usage.parameter.keys=Secret keys used for signing
sop.inline-verify.usage.header=Verify inline-signed data from standard input
sop.inline-verify.usage.option.not_before.0=ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)
sop.inline-verify.usage.option.not_before.1=Reject signatures with a creation date not in range.
sop.inline-verify.usage.option.not_before.2=Defaults to beginning of time ("-").
sop.inline-verify.usage.option.not_after.0=ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)
sop.inline-verify.usage.option.not_after.1=Reject signatures with a creation date not in range.
sop.inline-verify.usage.option.not_after.2=Defaults to current system time ("now").
sop.inline-verify.usage.option.not_after.3=Accepts special value "-" for end of time.
sop.inline-verify.usage.option.verifications_out=File to write details over successful verifications to
sop.inline-verify.usage.parameter.certs=Public key certificates for signature verification
sop.sign.usage.header=Create a detached signature on the data from standard input
sop.sign.usage.option.armor=ASCII armor the output
sop.sign.usage.option.as.0=Specify the output format of the signed message
sop.sign.usage.option.as.1=Defaults to 'binary'.
sop.sign.usage-option.as.2=If '--as=text' and the input data is not valid UTF-8, sign fails with return code 53.
sop.sign.usage.option.with_key_password.0=Passphrase to unlock the secret key(s).
sop.sign.usage.option.with_key_password.1=Is an INDIRECT data type (eg. file, environment variable, file descriptor...).
sop.sign.usage.option.micalg_out=Emits the digest algorithm used to the specified file in a way that can be used to populate the micalg parameter for the PGP/MIME Content-Type (RFC3156)
sop.sign.usage.parameter.keys=Secret keys used for signing
sop.verify.usage.header=Verify a detached signature over the data from standard input
sop.verify.usage.option.not_before.0=ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)
sop.verify.usage.option.not_before.1=Reject signatures with a creation date not in range.
sop.verify.usage.option.not_before.2=Defaults to beginning of time ("-").
sop.verify.usage.option.not_after.1=ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)
sop.verify.usage.option.not_after.2=Reject signatures with a creation date not in range.
sop.verify.usage.option.not_after.3=Defaults to current system time ("now").\
sop.verify.usage.option.not_after.4 = Accepts special value "-" for end of time.
sop.verify.usage.parameter.signature=Detached signature
sop.verify.usage.parameter.certs=Public key certificates for signature verification
sop.version.usage.header=Display version information about the tool
sop.version.usage.option.extended=Print an extended version string
sop.version.usage.option.backend=Print information about the cryptographic backend
sop.help.usage.header=Display usage information for the specified subcommand
## Malformed Input
sop.error.input.malformed_session_key=Session keys are expected in the format 'ALGONUM:HEXKEY'.
sop.error.input.not_a_private_key=Input '{0}' does not contain an OpenPGP private key.
sop.error.input.not_a_certificate=Input '{0}' does not contain an OpenPGP certificate.
sop.error.input.not_a_signature=Input '{0}' does not contain an OpenPGP signature.
sop.error.input.malformed_not_after=Invalid date string supplied as value of '--not-after'.
sop.error.input.malformed_not_before=Invalid date string supplied as value of '--not-before'.
sop.error.input.stdin_not_a_message=Standard Input appears not to contain a valid OpenPGP message.
sop.error.input.stdin_not_a_private_key=Standard Input appears not to contain a valid OpenPGP secret key.
sop.error.input.stdin_not_openpgp_data=Standard Input appears not to contain valid OpenPGP data
## Indirect Data Types
sop.error.indirect_data_type.ambiguous_filename=File name '{0}' is ambiguous. File with the same name exists on the filesystem.
sop.error.indirect_data_type.environment_variable_not_set=Environment variable '{0}' not set.
sop.error.indirect_data_type.environment_variable_empty=Environment variable '{0}' is empty.
sop.error.indirect_data_type.input_file_does_not_exist=Input file '{0}' does not exist.
sop.error.indirect_data_type.input_not_a_file=Input file '{0}' is not a file.
sop.error.indirect_data_type.output_file_already_exists=Output file '{0}' already exists.
sop.error.indirect_data_type.output_file_cannot_be_created=Output file '{0}' cannot be created.
sop.error.indirect_data_type.illegal_use_of_env_designator=Special designator '@ENV:' cannot be used for output.
sop.error.indirect_data_type.designator_env_not_supported=Special designator '@ENV' is not supported.
sop.error.indirect_data_type.designator_fd_not_supported=Special designator '@FD' is not supported.
## Runtime Errors
sop.error.runtime.no_backend_set=No SOP backend set.
sop.error.runtime.cannot_unlock_key=Cannot unlock password-protected secret key from input '{0}'.
sop.error.runtime.key_uses_unsupported_asymmetric_algorithm=Secret key from input '{0}' uses an unsupported asymmetric algorithm.
sop.error.runtime.cert_uses_unsupported_asymmetric_algorithm=Certificate from input '{0}' uses an unsupported asymmetric algorithm.
sop.error.runtime.key_cannot_sign=Secret key from input '{0}' cannot sign.
sop.error.runtime.cert_cannot_encrypt=Certificate from input '{0}' cannot encrypt.
sop.error.runtime.no_session_key_extracted=Session key not extracted. Feature potentially not supported.
sop.error.runtime.no_verifiable_signature_found=No verifiable signature found.
## Usage errors
sop.error.usage.password_or_cert_required=At least one password file or cert file required for encryption.
sop.error.usage.argument_required=Argument '{0}' is required.
sop.error.usage.parameter_required=Parameter '{0}' is required.
sop.error.usage.option_requires_other_option=Option '{0}' is requested, but no option {1} was provided.
# Feature Support
sop.error.feature_support.subcommand_not_supported=Subcommand '{0}' is not supported.
sop.error.feature_support.option_not_supported=Option '{0}' not supported.

156
sop-java-picocli/src/main/resources/sop_de.properties Normal file
View file

@ -0,0 +1,156 @@
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
#
# SPDX-License-Identifier: Apache-2.0
sop.name=sop
usage.header=Stateless OpenPGP Protocol
usage.footerHeading=Powered by Picocli%n
sop.locale=Gebietsschema für Beschreibungstexte
# Generic
usage.synopsisHeading=Aufruf:\u0020
usage.commandListHeading=%nBefehle:%n
# Exit Codes
usage.exitCodeListHeading=%nExit Codes:%n
usage.exitCodeList.0=\u00200:Erfolgreiche Programmausführung
usage.exitCodeList.1=\u00201:Generischer Programmfehler
usage.exitCodeList.2=\u00203:Signaturverifikation gefordert, aber keine gültige Signatur gefunden
usage.exitCodeList.3=13:Nicht unterstützter asymmetrischer Algorithmus
usage.exitCodeList.4=17:Zertifikat ist nicht fähig zu verschlüsseln
usage.exitCodeList.5=19:Nutzungsfehler: Fehlendes Argument
usage.exitCodeList.6=23:Unvollständige Verifikationsanweisungen
usage.exitCodeList.7=29:Entschlüsselung nicht möglich
usage.exitCodeList.8=31:Passwort ist nicht für Menschen lesbar
usage.exitCodeList.9=37:Nicht unterstützte Option
usage.exitCodeList.10=41:Ungültige Daten oder Daten des falschen Typs gefunden
usage.exitCodeList.11=53:Nicht-Text-Eingabe erhalten, wo Text erwartet wurde
usage.exitCodeList.12=59:Ausgabedatei existiert bereits
usage.exitCodeList.13=61:Eingabedatei existiert nicht
usage.exitCodeList.14=67:Passwort-gesicherter privater Schlüssel kann nicht entsperrt werden
usage.exitCodeList.15=69:Nicht unterstützter Unterbefehl
usage.exitCodeList.16=71:Nicht unterstützter Spezialprefix (zB. "@env/@fd") von indirektem Parameter
usage.exitCodeList.17=73:Mehrdeutige Eingabe (ein Dateiname, der dem Bezeichner entspricht, existiert bereits)
usage.exitCodeList.18=79:Schlüssel ist nicht fähig zu signieren
# Subcommands
sop.armor.usage.header=Schütze Standard-Eingabe mit ASCII Armor
sop.armor.usage.option.label=Label für Kopf- und Fußzeile der ASCII Armor
sop.dearmor.usage.header=Entferne ASCII Armor von Standard-Eingabe
sop.decrypt.usage.header=Entschlüssle eine Nachricht von Standard-Eingabe
sop.decrypt.usage.option.session_key_out=Extrahiere den Nachrichtenschlüssel nach erfolgreicher Entschlüsselung
sop.decrypt.usage.option.with_session_key.0=Symmetrischer Nachrichtenschlüssel (Sitzungsschlüssel).
sop.decrypt.usage.option.with_session_key.1=Ermöglicht direkte Entschlüsselung des im "CIPHERTEXT" enhaltenen "SEIPD" Paketes mithilfe des Nachrichtenschlüssels.
sop.decrypt.usage.option.with_session_key.2=Ist INDIREKTER Datentyp (zb. Datei, Umgebungsvariable, Dateideskriptor...).
sop.decrypt.usage.option.with_password.0=Symmetrisches Passwort zur Entschlüsselung der Nachricht.
sop.decrypt.usage.option.with_password.1=Ermöglicht Entschlüsselung basierend auf im "CIPHERTEXT" enthaltenen "SKESK" Paketen.
sop.decrypt.usage.option.with_password.2=Ist INDIREKTER Datentyp (zb. Datei, Umgebungsvariable, Dateideskriptor...).
sop.decrypt.usage.option.verify_out=Schreibe Status der Signaturprüfung in angegebene Ausgabe
sop.decrypt.usage.option.certs=Zertifikate zur Signaturprüfung
sop.decrypt.usage.option.not_before.0=Nach ISO-8601 formatierter UTC Zeitstempel (zB. '2020-11-23T16:35Z)
sop.decrypt.usage.option.not_before.1=Lehne Signaturen mit Erstellungsdatum außerhalb des Gültigkeitsbereichs ab.
sop.decrypt.usage.option.not_before.2=Standardmäßig: Anbeginn der Zeit ('-').
sop.decrypt.usage.option.not_after.0=Nach ISO-8601 formatierter UTC Zeitstempel (zB. '2020-11-23T16:35Z)
sop.decrypt.usage.option.not_after.1=Lehne Signaturen mit Erstellungsdatum außerhalb des Gültigkeitsbereichs ab.
sop.decrypt.usage.option.not_after.2=Standardmäßig: Aktueller Zeitunkt ('now').
sop.decrypt.usage.option.not_after.3=Akzeptiert speziellen Wert '-' für das Ende aller Zeiten.
sop.decrypt.usage.option.with_key_password.0=Passwort zum Entsperren der privaten Schlüssel
sop.decrypt.usage.option.with_key_password.1=Ist INDIREKTER Datentyp (zb. Datei, Umgebungsvariable, Dateideskriptor...).
sop.decrypt.usage.param.keys=Private Schlüssel zum Entschlüsseln der Nachricht
sop.encrypt.usage.header=Verschlüssle eine Nachricht von Standard-Eingabe
sop.encrypt.usage.option.armor=Schütze Ausgabe mit ASCII Armor
sop.encrypt.usage.option.type=Format der Nachricht. Standardmäßig 'binary'
sop.encrypt.usage.option.with_password.0=Verschlüssle die Nachricht mit einem Passwort
sop.encrypt.usage.option.with_password.1=Ist ein INDIREKTER Datentyp (zB. Datei, Umgebungsvariable, Dateideskriptor...).
sop.encrypt.usage.option.sign_with=Signiere die Nachricht mit einem privaten Schlüssel
sop.encrypt.usage.option.with_key_password.0=Passwort zum Entsperren der privaten Schlüssel
sop.encrypt.usage.option.with_key_password.1=Ist INDIREKTER Datentyp (zb. Datei, Umgebungsvariable, Dateideskriptor...).
sop.encrypt.usage.param.certs=Zertifikate für die die Nachricht verschlüsselt werden soll
sop.extract-cert.usage.header=Extrahiere Zertifikat (öffentlichen Schlüssel) aus privatem Schlüssel von Standard-Eingabe
sop.extract-cert.usage.option.armor=Schütze Ausgabe mit ASCII Armor
sop.generate-key.usage.header=Generiere einen privaten Schlüssel
sop.generate-key.usage.option.armor=Schütze Ausgabe mit ASCII Armor
sop.generate-key.usage.option.user_id=Nutzer-ID, zB. "Alice <alice@example.com>"
sop.generate-key.usage.option.with_key_password.0=Passwort zum Schutz des privaten Schlüssels
sop.generate-key.usage.option.with_key_password.1=Ist ein INDIREKTER Datentyp (zB. Datei, Umgebungsvariable, Dateideskriptor...).
sop.inline-detach.usage.header=Trenne Signaturen von Klartext-signierter Nachricht
sop.inline-detach.usage.option.armor=Schütze Ausgabe mit ASCII Armor
sop.inline-detach.usage.option.signatures_out=Schreibe abgetrennte Signaturen in Ausgabe
sop.inline-sign.usage.header=Signiere eine Nachricht von Standard-Eingabe mit eingebetteten Signaturen
sop.inline-sign.usage.option.armor=Schütze Ausgabe mit ASCII Armor
sop.inline-sign.usage.option.as.0=Bestimme Signaturformat der Nachricht.
sop.inline-sign.usage.option.as.1='text' und 'binary' resultieren in eingebettete Signaturen.
sop.inline-sign.usage.option.as.2='cleartextsigned' wird die Nachricht Klartext-signieren.
sop.inline-sign.usage.option.as.3=Standardmäßig: 'binary'.
sop.inline-sign.usage.option.as.4=Ist die Standard-Eingabe nicht UTF-8 kodiert und '--as=text' gesetzt, so wird inline-sign Fehlercode 53 zurückgeben.
sop.inline-sign.usage.option.with_key_password.0=Passwort zum Entsperren des privaten Schlüssels
sop.inline-sign.usage.option.with_key_password.1=Ist ein INDIREKTER Datentyp (zB. Datei, Umgebungsvariable, Dateideskriptor...).
sop.inline-sign.usage.option.micalg=Gibt den verwendeten Digest-Algorithmus an die angegebene Ausgabe in einer Form aus, die zum Auffüllen des micalg-Parameters für den PGP/MIME Content-Type (RFC3156) verwendet werden kann.
sop.inline-sign.usage.parameter.keys=Private Signaturschlüssel
sop.inline-verify.usage.header=Prüfe eingebettete Signaturen einer Nachricht von Standard-Eingabe
sop.inline-verify.usage.option.not_before.0=Nach ISO-8601 formatierter UTC Zeitstempel (zB. '2020-11-23T16:35Z)
sop.inline-verify.usage.option.not_before.1=Lehne Signaturen mit Erstellungsdatum außerhalb des Gültigkeitsbereichs ab.
sop.inline-verify.usage.option.not_before.2=Standardmäßig: Anbeginn der Zeit ('-').
sop.inline-verify.usage.option.not_after.0=Nach ISO-8601 formatierter UTC Zeitstempel (zB. '2020-11-23T16:35Z)
sop.inline-verify.usage.option.not_after.1=Lehne Signaturen mit Erstellungsdatum außerhalb des Gültigkeitsbereichs ab.
sop.inline-verify.usage.option.not_after.2=Standardmäßig: Aktueller Zeitunkt ('now').
sop.inline-verify.usage.option.not_after.3=Akzeptiert speziellen Wert '-' für das Ende aller Zeiten.
sop.inline-verify.usage.option.verifications_out=Schreibe Status der Signaturprüfung in angegebene Ausgabe
sop.inline-verify.usage.parameter.certs=Zertifikate (öffentlich Schlüssel) zur Signaturprüfung
sop.sign.usage.header=Erstelle abgetrennte Signatur über Nachricht von Standard-Eingabe
sop.sign.usage.option.armor=Schütze Ausgabe mit ASCII Armor
sop.sign.usage.option.as.0=Bestimme Signaturformat der Nachricht.
sop.sign.usage.option.as.1=Standardmäßig: 'binary'.
sop.sign.usage-option.as.2=Ist die Standard-Eingabe nicht UTF-8 kodiert und '--as=text' gesetzt, so wird inline-sign Fehlercode 53 zurückgeben.
sop.sign.usage.option.with_key_password.0=Passwort zum Entsperren des privaten Schlüssels
sop.sign.usage.option.with_key_password.1=Ist ein INDIREKTER Datentyp (zB. Datei, Umgebungsvariable, Dateideskriptor...).
sop.sign.usage.option.micalg_out=Gibt den verwendeten Digest-Algorithmus an die angegebene Ausgabe in einer Form aus, die zum Auffüllen des micalg-Parameters für den PGP/MIME Content-Type (RFC3156) verwendet werden kann.
sop.sign.usage.parameter.keys=Private Signaturschlüssel
sop.verify.usage.header=Prüfe eine abgetrennte Signatur über eine Nachricht von Standard-Eingabe
sop.verify.usage.option.not_before.0=Nach ISO-8601 formatierter UTC Zeitstempel (zB. '2020-11-23T16:35Z)
sop.verify.usage.option.not_before.1=Lehne Signaturen mit Erstellungsdatum außerhalb des Gültigkeitsbereichs ab.
sop.verify.usage.option.not_before.2=Standardmäßig: Anbeginn der Zeit ('-').
sop.verify.usage.option.not_after.0=Nach ISO-8601 formatierter UTC Zeitstempel (zB. '2020-11-23T16:35Z)
sop.verify.usage.option.not_after.1=Lehne Signaturen mit Erstellungsdatum außerhalb des Gültigkeitsbereichs ab.
sop.verify.usage.option.not_after.2=Standardmäßig: Aktueller Zeitunkt ('now').
sop.verify.usage.option.not_after.3=Akzeptiert speziellen Wert '-' für das Ende aller Zeiten.
sop.verify.usage.parameter.signature=Abgetrennte Signatur
sop.verify.usage.parameter.certs=Zertifikate (öffentliche Schlüssel) zur Signaturprüfung
sop.version.usage.header=Zeige Versionsinformationen über das Programm
sop.version.usage.option.extended=Gebe erweiterte Versionsinformationen aus
sop.version.usage.option.backend=Gebe Informationen über das kryptografische Backend aus
sop.help.usage.header=Zeige Nutzungshilfen für den angegebenen Unterbefehl an
## Malformed Input
sop.error.input.malformed_session_key=Nachrichtenschlüssel werden im folgenden Format erwartet: 'ALGONUM:HEXKEY'
sop.error.input.not_a_private_key=Eingabe '{0}' enthält keinen privaten OpenPGP Schlüssel.
sop.error.input.not_a_certificate=Eingabe '{0}' enthält kein OpenPGP Zertifikat.
sop.error.input.not_a_signature=Eingabe '{0}' enthält keine OpenPGP Signatur.
sop.error.input.malformed_not_after=Ungültige Datumszeichenfolge als Wert von '--not-after'.
sop.error.input.malformed_not_before=Ungültige Datumszeichenfolge als Wert von '--not-before'.
sop.error.input.stdin_not_a_message=Standard-Eingabe enthält scheinbar keine OpenPGP Nachricht.
sop.error.input.stdin_not_a_private_key=Standard-Eingabe enthält scheinbar keinen privaten OpenPGP Schlüssel.
sop.error.input.stdin_not_openpgp_data=Standard-Eingabe enthält scheinbar keine gültigen OpenPGP Daten.
## Indirect Data Types
sop.error.indirect_data_type.ambiguous_filename=Dateiname '{0}' ist mehrdeutig. Datei mit dem selben Namen existiert im Dateisystem.
sop.error.indirect_data_type.environment_variable_not_set=Umgebungsvariable '{0}' nicht gesetzt.
sop.error.indirect_data_type.environment_variable_empty=Umgebungsvariable '{0}' ist leer.
sop.error.indirect_data_type.input_file_does_not_exist=Quelldatei '{0}' existiert nicht.
sop.error.indirect_data_type.input_not_a_file=Quelldatei '{0}' ist keine Datei.
sop.error.indirect_data_type.output_file_already_exists=Zieldatei '{0}' existiert bereits.
sop.error.indirect_data_type.output_file_cannot_be_created=Zieldatei '{0}' kann nicht erstellt werden.
sop.error.indirect_data_type.illegal_use_of_env_designator=Besonderer Bezeichner-Präfix '@ENV:' darf nicht für Ausgaben verwendet werden.
sop.error.indirect_data_type.designator_env_not_supported=Besonderer Bezeichner-Präfix '@ENV' wird nicht unterstützt.
sop.error.indirect_data_type.designator_fd_not_supported=Besonderer Bezeichner-Präfix '@FD' wird nicht unterstützt.
## Runtime Errors
sop.error.runtime.no_backend_set=Kein SOP Backend gesetzt.
sop.error.runtime.cannot_unlock_key=Gesperrter Schlüssel aus Eingabe '{0}' kann nicht entsperrt werden.
sop.error.runtime.key_uses_unsupported_asymmetric_algorithm=Privater Schlüssel aus Eingabe '{0}' nutzt nicht unterstütztem asymmetrischen Algorithmus.
sop.error.runtime.cert_uses_unsupported_asymmetric_algorithm=Zertifikat aus Eingabe '{0}' nutzt nicht unterstütztem asymmetrischen Algorithmus.
sop.error.runtime.key_cannot_sign=Privater Schlüssel aus Eingabe '{0}' kann nicht signieren.
sop.error.runtime.cert_cannot_encrypt=Zertifikat aus Eingabe '{0}' kann nicht verschlüsseln.
sop.error.runtime.no_session_key_extracted=Nachrichtenschlüssel nicht extrahiert. Funktion wird möglicherweise nicht unterstützt.
sop.error.runtime.no_verifiable_signature_found=Keine gültigen Signaturen gefunden.
## Usage errors
sop.error.usage.password_or_cert_required=Es wird mindestens ein Passwort und/oder Zertifikat zur Verschlüsselung benötigt.
sop.error.usage.argument_required=Argument '{0}' ist erforderlich.
sop.error.usage.parameter_required=Parameter '{0}' ist erforderlich.
sop.error.usage.option_requires_other_option=Option '{0}' wurde angegeben, jedoch kein Wert für {1}.
# Feature Support
sop.error.feature_support.subcommand_not_supported=Unterbefehl '{0}' wird nicht unterstützt.
sop.error.feature_support.option_not_supported=Option '{0}' wird nicht unterstützt.

17
sop-java-picocli/src/test/java/sop/cli/picocli/DateParserTest.java → sop-java-picocli/src/test/java/sop/cli/picocli/DateParsingTest.java
View file

@ -9,41 +9,44 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import java.util.Date;
import org.junit.jupiter.api.Test;
import sop.cli.picocli.commands.AbstractSopCmd;
import sop.cli.picocli.commands.ArmorCmd;
import sop.util.UTCUtil;
public class DateParserTest {
public class DateParsingTest {
private AbstractSopCmd cmd = new ArmorCmd(); // we use ArmorCmd as a concrete implementation.
@Test
public void parseNotAfterDashReturnsEndOfTime() {
assertEquals(DateParser.END_OF_TIME, DateParser.parseNotAfter("-"));
assertEquals(AbstractSopCmd.END_OF_TIME, cmd.parseNotAfter("-"));
}
@Test
public void parseNotBeforeDashReturnsBeginningOfTime() {
assertEquals(DateParser.BEGINNING_OF_TIME, DateParser.parseNotBefore("-"));
assertEquals(AbstractSopCmd.BEGINNING_OF_TIME, cmd.parseNotBefore("-"));
}
@Test
public void parseNotAfterNowReturnsNow() {
assertEquals(new Date().getTime(), DateParser.parseNotAfter("now").getTime(), 1000);
assertEquals(new Date().getTime(), cmd.parseNotAfter("now").getTime(), 1000);
}
@Test
public void parseNotBeforeNowReturnsNow() {
assertEquals(new Date().getTime(), DateParser.parseNotBefore("now").getTime(), 1000);
assertEquals(new Date().getTime(), cmd.parseNotBefore("now").getTime(), 1000);
}
@Test
public void parseNotAfterTimestamp() {
String timestamp = "2019-10-24T23:48:29Z";
Date date = DateParser.parseNotAfter(timestamp);
Date date = cmd.parseNotAfter(timestamp);
assertEquals(timestamp, UTCUtil.formatUTCDate(date));
}
@Test
public void parseNotBeforeTimestamp() {
String timestamp = "2019-10-29T18:36:45Z";
Date date = DateParser.parseNotBefore(timestamp);
Date date = cmd.parseNotBefore(timestamp);
assertEquals(timestamp, UTCUtil.formatUTCDate(date));
}
}

123
sop-java-picocli/src/test/java/sop/cli/picocli/FileUtilTest.java
View file

@ -1,123 +0,0 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package sop.cli.picocli;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import sop.exception.SOPGPException;
public class FileUtilTest {
@BeforeAll
public static void setup() {
FileUtil.setEnvironmentVariableResolver(new FileUtil.EnvironmentVariableResolver() {
@Override
public String resolveEnvironmentVariable(String name) {
if (name.equals("test123")) {
return "test321";
}
return null;
}
});
}
@Test
public void getFile_ThrowsForNull() {
assertThrows(NullPointerException.class, () -> FileUtil.getFile(null));
}
@Test
public void getFile_prfxEnvAlreadyExists() throws IOException {
File tempFile = new File("@ENV:test");
tempFile.createNewFile();
tempFile.deleteOnExit();
assertThrows(SOPGPException.AmbiguousInput.class, () -> FileUtil.getFile("@ENV:test"));
}
@Test
public void getFile_EnvironmentVariable() {
File file = FileUtil.getFile("@ENV:test123");
assertEquals("test321", file.getName());
}
@Test
public void getFile_nonExistentEnvVariable() {
assertThrows(IllegalArgumentException.class, () -> FileUtil.getFile("@ENV:INVALID"));
}
@Test
public void getFile_prfxFdAlreadyExists() throws IOException {
File tempFile = new File("@FD:1");
tempFile.createNewFile();
tempFile.deleteOnExit();
assertThrows(SOPGPException.AmbiguousInput.class, () -> FileUtil.getFile("@FD:1"));
}
@Test
public void getFile_prfxFdNotSupported() {
assertThrows(IllegalArgumentException.class, () -> FileUtil.getFile("@FD:2"));
}
@Test
public void createNewFileOrThrow_throwsForNull() {
assertThrows(NullPointerException.class, () -> FileUtil.createNewFileOrThrow(null));
}
@Test
public void createNewFileOrThrow_success() throws IOException {
File dir = Files.createTempDirectory("test").toFile();
dir.deleteOnExit();
File file = new File(dir, "file");
assertFalse(file.exists());
FileUtil.createNewFileOrThrow(file);
assertTrue(file.exists());
}
@Test
public void createNewFileOrThrow_alreadyExists() throws IOException {
File dir = Files.createTempDirectory("test").toFile();
dir.deleteOnExit();
File file = new File(dir, "file");
FileUtil.createNewFileOrThrow(file);
assertTrue(file.exists());
assertThrows(SOPGPException.OutputExists.class, () -> FileUtil.createNewFileOrThrow(file));
}
@Test
public void getFileInputStream_success() throws IOException {
File dir = Files.createTempDirectory("test").toFile();
dir.deleteOnExit();
File file = new File(dir, "file");
FileUtil.createNewFileOrThrow(file);
FileInputStream inputStream = FileUtil.getFileInputStream(file.getAbsolutePath());
assertNotNull(inputStream);
}
@Test
public void getFileInputStream_fileNotFound() throws IOException {
File dir = Files.createTempDirectory("test").toFile();
dir.deleteOnExit();
File file = new File(dir, "file");
assertThrows(SOPGPException.MissingInput.class,
() -> FileUtil.getFileInputStream(file.getAbsolutePath()));
}
}

8
sop-java-picocli/src/test/java/sop/cli/picocli/SOPTest.java
View file

@ -23,8 +23,8 @@ import sop.operation.ExtractCert;
import sop.operation.GenerateKey;
import sop.operation.InlineSign;
import sop.operation.InlineVerify;
import sop.operation.Sign;
import sop.operation.Verify;
import sop.operation.DetachedSign;
import sop.operation.DetachedVerify;
import sop.operation.Version;
public class SOPTest {
@ -65,12 +65,12 @@ public class SOPTest {
}
@Override
public Sign sign() {
public DetachedSign detachedSign() {
return null;
}
@Override
public Verify verify() {
public DetachedVerify detachedVerify() {
return null;
}

7
sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java
View file

@ -36,7 +36,6 @@ import sop.ReadyWithResult;
import sop.SOP;
import sop.SessionKey;
import sop.Verification;
import sop.cli.picocli.DateParser;
import sop.cli.picocli.SopCLI;
import sop.cli.picocli.TestFileUtil;
import sop.exception.SOPGPException;
@ -116,7 +115,7 @@ public class DecryptCmdTest {
public void assertDefaultTimeRangesAreUsedIfNotOverwritten() throws SOPGPException.UnsupportedOption {
Date now = new Date();
SopCLI.main(new String[] {"decrypt"});
verify(decrypt, times(1)).verifyNotBefore(DateParser.BEGINNING_OF_TIME);
verify(decrypt, times(1)).verifyNotBefore(AbstractSopCmd.BEGINNING_OF_TIME);
verify(decrypt, times(1)).verifyNotAfter(
ArgumentMatchers.argThat(argument -> {
// allow 1-second difference
@ -127,8 +126,8 @@ public class DecryptCmdTest {
@Test
public void assertVerifyNotAfterAndBeforeDashResultsInMaxTimeRange() throws SOPGPException.UnsupportedOption {
SopCLI.main(new String[] {"decrypt", "--not-before", "-", "--not-after", "-"});
verify(decrypt, times(1)).verifyNotBefore(DateParser.BEGINNING_OF_TIME);
verify(decrypt, times(1)).verifyNotAfter(DateParser.END_OF_TIME);
verify(decrypt, times(1)).verifyNotBefore(AbstractSopCmd.BEGINNING_OF_TIME);
verify(decrypt, times(1)).verifyNotAfter(AbstractSopCmd.END_OF_TIME);
}
@Test

2
sop-java-picocli/src/test/java/sop/cli/picocli/commands/EncryptCmdTest.java
View file

@ -127,7 +127,7 @@ public class EncryptCmdTest {
@Test
@ExpectSystemExitWithStatus(79)
public void signWith_certCannotSignCausesExit1() throws IOException, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData {
public void signWith_certCannotSignCausesExit79() throws IOException, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData {
when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.KeyCannotSign());
File keyFile = File.createTempFile("sign-with", ".asc");
File passwordFile = TestFileUtil.writeTempStringFile("dragon");

32
sop-java-picocli/src/test/java/sop/cli/picocli/commands/SignCmdTest.java
View file

@ -24,17 +24,17 @@ import sop.SOP;
import sop.SigningResult;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.Sign;
import sop.operation.DetachedSign;
public class SignCmdTest {
Sign sign;
DetachedSign detachedSign;
File keyFile;
@BeforeEach
public void mockComponents() throws IOException, SOPGPException.ExpectedText {
sign = mock(Sign.class);
when(sign.data((InputStream) any())).thenReturn(new ReadyWithResult<SigningResult>() {
detachedSign = mock(DetachedSign.class);
when(detachedSign.data((InputStream) any())).thenReturn(new ReadyWithResult<SigningResult>() {
@Override
public SigningResult writeTo(OutputStream outputStream) {
return SigningResult.builder().build();
@ -42,7 +42,7 @@ public class SignCmdTest {
});
SOP sop = mock(SOP.class);
when(sop.sign()).thenReturn(sign);
when(sop.detachedSign()).thenReturn(detachedSign);
SopCLI.setSopInstance(sop);
@ -65,27 +65,27 @@ public class SignCmdTest {
@Test
@ExpectSystemExitWithStatus(37)
public void as_unsupportedOptionCausesExit37() throws SOPGPException.UnsupportedOption {
when(sign.mode(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting signing mode not supported."));
when(detachedSign.mode(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting signing mode not supported."));
SopCLI.main(new String[] {"sign", "--as", "binary", keyFile.getAbsolutePath()});
}
@Test
@ExpectSystemExitWithStatus(1)
public void key_nonExistentKeyFileCausesExit1() {
@ExpectSystemExitWithStatus(61)
public void key_nonExistentKeyFileCausesExit61() {
SopCLI.main(new String[] {"sign", "invalid.asc"});
}
@Test
@ExpectSystemExitWithStatus(1)
public void key_keyIsProtectedCausesExit1() throws SOPGPException.KeyIsProtected, IOException, SOPGPException.BadData {
when(sign.key((InputStream) any())).thenThrow(new SOPGPException.KeyIsProtected());
@ExpectSystemExitWithStatus(67)
public void key_keyIsProtectedCausesExit67() throws SOPGPException.KeyIsProtected, IOException, SOPGPException.BadData {
when(detachedSign.key((InputStream) any())).thenThrow(new SOPGPException.KeyIsProtected());
SopCLI.main(new String[] {"sign", keyFile.getAbsolutePath()});
}
@Test
@ExpectSystemExitWithStatus(41)
public void key_badDataCausesExit41() throws SOPGPException.KeyIsProtected, IOException, SOPGPException.BadData {
when(sign.key((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
when(detachedSign.key((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
SopCLI.main(new String[] {"sign", keyFile.getAbsolutePath()});
}
@ -98,19 +98,19 @@ public class SignCmdTest {
@Test
public void noArmor_notCalledByDefault() {
SopCLI.main(new String[] {"sign", keyFile.getAbsolutePath()});
verify(sign, never()).noArmor();
verify(detachedSign, never()).noArmor();
}
@Test
public void noArmor_passedDown() {
SopCLI.main(new String[] {"sign", "--no-armor", keyFile.getAbsolutePath()});
verify(sign, times(1)).noArmor();
verify(detachedSign, times(1)).noArmor();
}
@Test
@ExpectSystemExitWithStatus(1)
public void data_ioExceptionCausesExit1() throws IOException, SOPGPException.ExpectedText {
when(sign.data((InputStream) any())).thenReturn(new ReadyWithResult<SigningResult>() {
when(detachedSign.data((InputStream) any())).thenReturn(new ReadyWithResult<SigningResult>() {
@Override
public SigningResult writeTo(OutputStream outputStream) throws IOException {
throw new IOException();
@ -122,7 +122,7 @@ public class SignCmdTest {
@Test
@ExpectSystemExitWithStatus(53)
public void data_expectedTextExceptionCausesExit53() throws IOException, SOPGPException.ExpectedText {
when(sign.data((InputStream) any())).thenThrow(new SOPGPException.ExpectedText());
when(detachedSign.data((InputStream) any())).thenThrow(new SOPGPException.ExpectedText());
SopCLI.main(new String[] {"sign", keyFile.getAbsolutePath()});
}
}

57
sop-java-picocli/src/test/java/sop/cli/picocli/commands/VerifyCmdTest.java
View file

@ -27,15 +27,14 @@ import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import sop.SOP;
import sop.Verification;
import sop.cli.picocli.DateParser;
import sop.cli.picocli.SopCLI;
import sop.exception.SOPGPException;
import sop.operation.Verify;
import sop.operation.DetachedVerify;
import sop.util.UTCUtil;
public class VerifyCmdTest {
Verify verify;
DetachedVerify detachedVerify;
File signature;
File cert;
@ -45,12 +44,12 @@ public class VerifyCmdTest {
public void prepare() throws SOPGPException.UnsupportedOption, SOPGPException.BadData, SOPGPException.NoSignature, IOException {
originalSout = System.out;
verify = mock(Verify.class);
when(verify.notBefore(any())).thenReturn(verify);
when(verify.notAfter(any())).thenReturn(verify);
when(verify.cert((InputStream) any())).thenReturn(verify);
when(verify.signatures((InputStream) any())).thenReturn(verify);
when(verify.data((InputStream) any())).thenReturn(
detachedVerify = mock(DetachedVerify.class);
when(detachedVerify.notBefore(any())).thenReturn(detachedVerify);
when(detachedVerify.notAfter(any())).thenReturn(detachedVerify);
when(detachedVerify.cert((InputStream) any())).thenReturn(detachedVerify);
when(detachedVerify.signatures((InputStream) any())).thenReturn(detachedVerify);
when(detachedVerify.data((InputStream) any())).thenReturn(
Collections.singletonList(
new Verification(
UTCUtil.parseUTCDate("2019-10-29T18:36:45Z"),
@ -60,7 +59,7 @@ public class VerifyCmdTest {
);
SOP sop = mock(SOP.class);
when(sop.verify()).thenReturn(verify);
when(sop.detachedVerify()).thenReturn(detachedVerify);
SopCLI.setSopInstance(sop);
@ -77,26 +76,26 @@ public class VerifyCmdTest {
public void notAfter_passedDown() throws SOPGPException.UnsupportedOption {
Date date = UTCUtil.parseUTCDate("2019-10-29T18:36:45Z");
SopCLI.main(new String[] {"verify", "--not-after", "2019-10-29T18:36:45Z", signature.getAbsolutePath(), cert.getAbsolutePath()});
verify(verify, times(1)).notAfter(date);
verify(detachedVerify, times(1)).notAfter(date);
}
@Test
public void notAfter_now() throws SOPGPException.UnsupportedOption {
Date now = new Date();
SopCLI.main(new String[] {"verify", "--not-after", "now", signature.getAbsolutePath(), cert.getAbsolutePath()});
verify(verify, times(1)).notAfter(dateMatcher(now));
verify(detachedVerify, times(1)).notAfter(dateMatcher(now));
}
@Test
public void notAfter_dashCountsAsEndOfTime() throws SOPGPException.UnsupportedOption {
SopCLI.main(new String[] {"verify", "--not-after", "-", signature.getAbsolutePath(), cert.getAbsolutePath()});
verify(verify, times(1)).notAfter(DateParser.END_OF_TIME);
verify(detachedVerify, times(1)).notAfter(AbstractSopCmd.END_OF_TIME);
}
@Test
@ExpectSystemExitWithStatus(37)
public void notAfter_unsupportedOptionCausesExit37() throws SOPGPException.UnsupportedOption {
when(verify.notAfter(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting upper signature date boundary not supported."));
when(detachedVerify.notAfter(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting upper signature date boundary not supported."));
SopCLI.main(new String[] {"verify", "--not-after", "2019-10-29T18:36:45Z", signature.getAbsolutePath(), cert.getAbsolutePath()});
}
@ -104,34 +103,34 @@ public class VerifyCmdTest {
public void notBefore_passedDown() throws SOPGPException.UnsupportedOption {
Date date = UTCUtil.parseUTCDate("2019-10-29T18:36:45Z");
SopCLI.main(new String[] {"verify", "--not-before", "2019-10-29T18:36:45Z", signature.getAbsolutePath(), cert.getAbsolutePath()});
verify(verify, times(1)).notBefore(date);
verify(detachedVerify, times(1)).notBefore(date);
}
@Test
public void notBefore_now() throws SOPGPException.UnsupportedOption {
Date now = new Date();
SopCLI.main(new String[] {"verify", "--not-before", "now", signature.getAbsolutePath(), cert.getAbsolutePath()});
verify(verify, times(1)).notBefore(dateMatcher(now));
verify(detachedVerify, times(1)).notBefore(dateMatcher(now));
}
@Test
public void notBefore_dashCountsAsBeginningOfTime() throws SOPGPException.UnsupportedOption {
SopCLI.main(new String[] {"verify", "--not-before", "-", signature.getAbsolutePath(), cert.getAbsolutePath()});
verify(verify, times(1)).notBefore(DateParser.BEGINNING_OF_TIME);
verify(detachedVerify, times(1)).notBefore(AbstractSopCmd.BEGINNING_OF_TIME);
}
@Test
@ExpectSystemExitWithStatus(37)
public void notBefore_unsupportedOptionCausesExit37() throws SOPGPException.UnsupportedOption {
when(verify.notBefore(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting lower signature date boundary not supported."));
when(detachedVerify.notBefore(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting lower signature date boundary not supported."));
SopCLI.main(new String[] {"verify", "--not-before", "2019-10-29T18:36:45Z", signature.getAbsolutePath(), cert.getAbsolutePath()});
}
@Test
public void notBeforeAndNotAfterAreCalledWithDefaultValues() throws SOPGPException.UnsupportedOption {
SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
verify(verify, times(1)).notAfter(dateMatcher(new Date()));
verify(verify, times(1)).notBefore(DateParser.BEGINNING_OF_TIME);
verify(detachedVerify, times(1)).notAfter(dateMatcher(new Date()));
verify(detachedVerify, times(1)).notBefore(AbstractSopCmd.BEGINNING_OF_TIME);
}
private static Date dateMatcher(Date date) {
@ -139,48 +138,48 @@ public class VerifyCmdTest {
}
@Test
@ExpectSystemExitWithStatus(1)
public void cert_fileNotFoundCausesExit1() {
@ExpectSystemExitWithStatus(61)
public void cert_fileNotFoundCausesExit61() {
SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), "invalid.asc"});
}
@Test
@ExpectSystemExitWithStatus(41)
public void cert_badDataCausesExit41() throws SOPGPException.BadData {
when(verify.cert((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
when(detachedVerify.cert((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
}
@Test
@ExpectSystemExitWithStatus(1)
public void signature_fileNotFoundCausesExit1() {
@ExpectSystemExitWithStatus(61)
public void signature_fileNotFoundCausesExit61() {
SopCLI.main(new String[] {"verify", "invalid.sig", cert.getAbsolutePath()});
}
@Test
@ExpectSystemExitWithStatus(41)
public void signature_badDataCausesExit41() throws SOPGPException.BadData {
when(verify.signatures((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
when(detachedVerify.signatures((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
}
@Test
@ExpectSystemExitWithStatus(3)
public void data_noSignaturesCausesExit3() throws SOPGPException.NoSignature, IOException, SOPGPException.BadData {
when(verify.data((InputStream) any())).thenThrow(new SOPGPException.NoSignature());
when(detachedVerify.data((InputStream) any())).thenThrow(new SOPGPException.NoSignature());
SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
}
@Test
@ExpectSystemExitWithStatus(41)
public void data_badDataCausesExit41() throws SOPGPException.NoSignature, IOException, SOPGPException.BadData {
when(verify.data((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
when(detachedVerify.data((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
}
@Test
public void resultIsPrintedProperly() throws SOPGPException.NoSignature, IOException, SOPGPException.BadData {
when(verify.data((InputStream) any())).thenReturn(Arrays.asList(
when(detachedVerify.data((InputStream) any())).thenReturn(Arrays.asList(
new Verification(UTCUtil.parseUTCDate("2019-10-29T18:36:45Z"),
"EB85BB5FA33A75E15E944E63F231550C4F47E38E",
"EB85BB5FA33A75E15E944E63F231550C4F47E38E"),

70
sop-java/src/main/java/sop/SOP.java
View file

@ -13,8 +13,8 @@ import sop.operation.GenerateKey;
import sop.operation.InlineDetach;
import sop.operation.InlineSign;
import sop.operation.InlineVerify;
import sop.operation.Sign;
import sop.operation.Verify;
import sop.operation.DetachedSign;
import sop.operation.DetachedVerify;
import sop.operation.Version;
/**
@ -47,19 +47,72 @@ public interface SOP {
/**
* Create detached signatures.
* Customize the operation using the builder {@link Sign}.
* Customize the operation using the builder {@link DetachedSign}.
*
* If you want to sign a message inline, use {@link #inlineSign()} instead.
*
* @return builder instance
*/
Sign sign();
default DetachedSign sign() {
return detachedSign();
}
/**
* Create detached signatures.
* Customize the operation using the builder {@link DetachedSign}.
*
* If you want to sign a message inline, use {@link #inlineSign()} instead.
*
* @return builder instance
*/
DetachedSign detachedSign();
/**
* Sign a message using inline signatures.
*
* If you need to create detached signatures, use {@link #detachedSign()} instead.
*
* @return builder instance
*/
InlineSign inlineSign();
/**
* Verify detached signatures.
* Customize the operation using the builder {@link Verify}.
* Customize the operation using the builder {@link DetachedVerify}.
*
* If you need to verify an inline-signed message, use {@link #inlineVerify()} instead.
*
* @return builder instance
*/
Verify verify();
default DetachedVerify verify() {
return detachedVerify();
}
/**
* Verify detached signatures.
* Customize the operation using the builder {@link DetachedVerify}.
*
* If you need to verify an inline-signed message, use {@link #inlineVerify()} instead.
*
* @return builder instance
*/
DetachedVerify detachedVerify();
/**
* Verify signatures of an inline-signed message.
*
* If you need to verify detached signatures over a message, use {@link #detachedVerify()} instead.
*
* @return builder instance
*/
InlineVerify inlineVerify();
/**
* Detach signatures from an inline signed message.
*
* @return builder instance
*/
InlineDetach inlineDetach();
/**
* Encrypt a message.
@ -93,9 +146,4 @@ public interface SOP {
*/
Dearmor dearmor();
InlineDetach inlineDetach();
InlineSign inlineSign();
InlineVerify inlineVerify();
}

3
sop-java/src/main/java/sop/enums/EncryptAs.java
View file

@ -6,6 +6,5 @@ package sop.enums;
public enum EncryptAs {
Binary,
Text,
MIME
Text
}

12
sop-java/src/main/java/sop/exception/SOPGPException.java
View file

@ -35,6 +35,10 @@ public abstract class SOPGPException extends RuntimeException {
super("No verifiable signature found.");
}
public NoSignature(String errorMsg, NoSignature e) {
super(errorMsg, e);
}
@Override
public int getExitCode() {
return EXIT_CODE;
@ -225,6 +229,10 @@ public abstract class SOPGPException extends RuntimeException {
super(message, cause);
}
public MissingInput(String errorMsg) {
super(errorMsg);
}
@Override
public int getExitCode() {
return EXIT_CODE;
@ -276,6 +284,10 @@ public abstract class SOPGPException extends RuntimeException {
public static final int EXIT_CODE = 71;
public UnsupportedSpecialPrefix(String errorMsg) {
super(errorMsg);
}
@Override
public int getExitCode() {
return EXIT_CODE;

2
sop-java/src/main/java/sop/operation/AbstractSign.java
View file

@ -20,7 +20,7 @@ public interface AbstractSign<T> {
*
* @return builder instance
*/
Sign noArmor();
DetachedSign noArmor();
/**
* Add one or more signing keys.

4
sop-java/src/main/java/sop/operation/AbstractVerify.java
View file

@ -12,9 +12,9 @@ import java.util.Date;
/**
* Common API methods shared between verification of inline signatures ({@link InlineVerify})
* and verification of detached signatures ({@link Verify}).
* and verification of detached signatures ({@link DetachedVerify}).
*
* @param <T> Builder type ({@link Verify}, {@link InlineVerify})
* @param <T> Builder type ({@link DetachedVerify}, {@link InlineVerify})
*/
public interface AbstractVerify<T> {

4
sop-java/src/main/java/sop/operation/Sign.java → sop-java/src/main/java/sop/operation/DetachedSign.java
View file

@ -9,7 +9,7 @@ import sop.exception.SOPGPException;
import java.io.InputStream;
public interface Sign extends AbstractSign<Sign> {
public interface DetachedSign extends AbstractSign<DetachedSign> {
/**
* Sets the signature mode.
@ -20,6 +20,6 @@ public interface Sign extends AbstractSign<Sign> {
*
* @throws sop.exception.SOPGPException.UnsupportedOption if this option is not supported
*/
Sign mode(SignAs mode) throws SOPGPException.UnsupportedOption;
DetachedSign mode(SignAs mode) throws SOPGPException.UnsupportedOption;
}

2
sop-java/src/main/java/sop/operation/Verify.java → sop-java/src/main/java/sop/operation/DetachedVerify.java
View file

@ -12,7 +12,7 @@ import java.io.InputStream;
/**
* API for verifying detached signatures.
*/
public interface Verify extends AbstractVerify<Verify>, VerifySignatures {
public interface DetachedVerify extends AbstractVerify<DetachedVerify>, VerifySignatures {
/**
* Provides the detached signatures.

2
sop-java/src/main/java/sop/operation/InlineSign.java
View file

@ -20,6 +20,6 @@ public interface InlineSign extends AbstractSign<InlineSign> {
*
* @throws sop.exception.SOPGPException.UnsupportedOption if this option is not supported
*/
Sign mode(InlineSignAs mode) throws SOPGPException.UnsupportedOption;
DetachedSign mode(InlineSignAs mode) throws SOPGPException.UnsupportedOption;
}