Merge remote-tracking branch 'origin/sop08'

2023-11-15 13:03:07 +01:00 · 2023-11-15 13:03:07 +01:00 · 72ca392386
parent a5c332737b 86b173bf1c
commit 72ca392386
8 changed files with 164 additions and 38 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -6,6 +6,19 @@ SPDX-License-Identifier: Apache-2.0
 # Changelog
 ## 8.0.0-SNAPSHOT
 - Rewrote API in Kotlin
 - Update implementation to [SOP Specification revision 08](https://www.ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-08.html).
  - Add `--no-armor` option to `revoke-key` and `change-key-password` subcommands
  - `armor`: Deprecate `--label` option
  - `encrypt`: Add `--session-key-out` option
 - Slight API changes:
  - `sop.encrypt().plaintext()` now returns a `ReadyWithResult<EncryptionResult>` instead of `Ready`.
  - `EncryptionResult` is a new result type, that provides access to the session key of an encrypted message
  - Change `ArmorLabel` values into lowercase
  - Change `EncryptAs` values into lowercase
  - Change `SignAs` values into lowercase
 ## 7.0.0
 - Update implementation to [SOP Specification revision 07](https://www.ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-07.html).
  - Add support for new `revoke-key` subcommand
--- a/external-sop/src/main/java/sop/external/ExternalSOP.java
+++ b/external-sop/src/main/java/sop/external/ExternalSOP.java
@ -147,7 +147,7 @@ public class ExternalSOP implements SOP {
    @Override
    public Encrypt encrypt() {
-        return new EncryptExternal(binaryName, properties);
+        return new EncryptExternal(binaryName, properties, tempDirProvider);
    }
    @Override
--- a/external-sop/src/main/java/sop/external/operation/EncryptExternal.java
+++ b/external-sop/src/main/java/sop/external/operation/EncryptExternal.java
@ -4,14 +4,19 @@
 package sop.external.operation;
-import sop.Ready;
+import sop.EncryptionResult;
 import sop.ReadyWithResult;
 import sop.SessionKey;
 import sop.enums.EncryptAs;
 import sop.exception.SOPGPException;
 import sop.external.ExternalSOP;
 import sop.operation.Encrypt;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
@ -21,6 +26,7 @@ import java.util.Properties;
 */
 public class EncryptExternal implements Encrypt {
    private final ExternalSOP.TempDirProvider tempDirProvider;
    private final List<String> commandList = new ArrayList<>();
    private final List<String> envList;
    private int SIGN_WITH_COUNTER = 0;
@ -28,7 +34,8 @@ public class EncryptExternal implements Encrypt {
    private int PASSWORD_COUNTER = 0;
    private int CERT_COUNTER = 0;
-    public EncryptExternal(String binary, Properties environment) {
+    public EncryptExternal(String binary, Properties environment, ExternalSOP.TempDirProvider tempDirProvider) {
        this.tempDirProvider = tempDirProvider;
        this.commandList.add(binary);
        this.commandList.add("encrypt");
        this.envList = ExternalSOP.propertiesToEnv(environment);
@ -92,8 +99,53 @@ public class EncryptExternal implements Encrypt {
    }
    @Override
-    public Ready plaintext(InputStream plaintext)
+    public ReadyWithResult<EncryptionResult> plaintext(InputStream plaintext)
-            throws SOPGPException.KeyIsProtected {
+            throws SOPGPException.KeyIsProtected, IOException {
-        return ExternalSOP.executeTransformingOperation(Runtime.getRuntime(), commandList, envList, plaintext);
+        File tempDir = tempDirProvider.provideTempDirectory();
        File sessionKeyOut = new File(tempDir, "session-key-out");
        sessionKeyOut.delete();
        commandList.add("--session-key-out=" + sessionKeyOut.getAbsolutePath());
        String[] command = commandList.toArray(new String[0]);
        String[] env = envList.toArray(new String[0]);
        try {
            Process process = Runtime.getRuntime().exec(command, env);
            OutputStream processOut = process.getOutputStream();
            InputStream processIn = process.getInputStream();
            return new ReadyWithResult<EncryptionResult>() {
                @Override
                public EncryptionResult writeTo(OutputStream outputStream) throws IOException {
                    byte[] buf = new byte[4096];
                    int r;
                    while ((r = plaintext.read(buf)) > 0) {
                        processOut.write(buf, 0, r);
                    }
                    plaintext.close();
                    processOut.close();
                    while ((r = processIn.read(buf)) > 0) {
                        outputStream.write(buf, 0 , r);
                    }
                    processIn.close();
                    outputStream.close();
                    ExternalSOP.finish(process);
                    FileInputStream sessionKeyOutIn = new FileInputStream(sessionKeyOut);
                    String line = ExternalSOP.readString(sessionKeyOutIn);
                    SessionKey sessionKey = SessionKey.fromString(line.trim());
                    sessionKeyOutIn.close();
                    sessionKeyOut.delete();
                    return new EncryptionResult(sessionKey);
                }
            };
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
 }
--- a/sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/EncryptCmd.kt
+++ b/sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/EncryptCmd.kt
@ -5,6 +5,7 @@
 package sop.cli.picocli.commands
 import java.io.IOException
 import java.io.PrintWriter
 import picocli.CommandLine.*
 import sop.cli.picocli.SopCLI
 import sop.enums.EncryptAs
@ -32,9 +33,14 @@ class EncryptCmd : AbstractSopCmd() {
    @Parameters(index = "0..*", paramLabel = "CERTS") var certs: List<String> = listOf()
    @Option(names = ["--session-key-out"], paramLabel = "SESSIONKEY")
    var sessionKeyOut: String? = null
    override fun run() {
        val encrypt = throwIfUnsupportedSubcommand(SopCLI.getSop().encrypt(), "encrypt")
        throwIfOutputExists(sessionKeyOut)
        profile?.let {
            try {
                encrypt.profile(it)
@ -130,7 +136,22 @@ class EncryptCmd : AbstractSopCmd() {
        try {
            val ready = encrypt.plaintext(System.`in`)
-            ready.writeTo(System.out)
+            val result = ready.writeTo(System.out)
            if (sessionKeyOut == null) {
                return
            }
            getOutput(sessionKeyOut).use {
                if (!result.sessionKey.isPresent) {
                    val errorMsg = getMsg("sop.error.runtime.no_session_key_extracted")
                    throw UnsupportedOption(String.format(errorMsg, "--session-key-out"))
                }
                val sessionKey = result.sessionKey.get() ?: return
                val writer = PrintWriter(it)
                writer.println(sessionKey)
                writer.flush()
            }
        } catch (e: IOException) {
            throw RuntimeException(e)
        }
--- a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/EncryptCmdTest.java
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/EncryptCmdTest.java
@ -4,6 +4,24 @@
 package sop.cli.picocli.commands;
 import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
 import org.jetbrains.annotations.NotNull;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import sop.EncryptionResult;
 import sop.ReadyWithResult;
 import sop.SOP;
 import sop.cli.picocli.SopCLI;
 import sop.cli.picocli.TestFileUtil;
 import sop.enums.EncryptAs;
 import sop.exception.SOPGPException;
 import sop.operation.Encrypt;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@ -11,22 +29,6 @@ import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import sop.Ready;
 import sop.SOP;
 import sop.cli.picocli.SopCLI;
 import sop.cli.picocli.TestFileUtil;
 import sop.enums.EncryptAs;
 import sop.exception.SOPGPException;
 import sop.operation.Encrypt;
 public class EncryptCmdTest {
    Encrypt encrypt;
@ -34,10 +36,10 @@ public class EncryptCmdTest {
    @BeforeEach
    public void mockComponents() throws IOException {
        encrypt = mock(Encrypt.class);
-        when(encrypt.plaintext((InputStream) any())).thenReturn(new Ready() {
+        when(encrypt.plaintext((InputStream) any())).thenReturn(new ReadyWithResult<EncryptionResult>() {
            @Override
-            public void writeTo(OutputStream outputStream) {
+            public EncryptionResult writeTo(@NotNull OutputStream outputStream) throws IOException, SOPGPException {
-
+                return new EncryptionResult(null);
            }
        });
@ -190,9 +192,9 @@ public class EncryptCmdTest {
    @Test
    @ExpectSystemExitWithStatus(1)
    public void writeTo_ioExceptionCausesExit1() throws IOException {
-        when(encrypt.plaintext((InputStream) any())).thenReturn(new Ready() {
+        when(encrypt.plaintext((InputStream) any())).thenReturn(new ReadyWithResult<EncryptionResult>() {
            @Override
-            public void writeTo(OutputStream outputStream) throws IOException {
+            public EncryptionResult writeTo(@NotNull OutputStream outputStream) throws IOException, SOPGPException {
                throw new IOException();
            }
        });
--- a/sop-java/src/main/kotlin/sop/EncryptionResult.kt
+++ b/sop-java/src/main/kotlin/sop/EncryptionResult.kt
@ -0,0 +1,15 @@
 // SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 package sop
 import sop.util.Optional
 class EncryptionResult(sessionKey: SessionKey?) {
    val sessionKey: Optional<SessionKey>
    init {
        this.sessionKey = Optional.ofNullable(sessionKey)
    }
 }
--- a/sop-java/src/main/kotlin/sop/operation/Encrypt.kt
+++ b/sop-java/src/main/kotlin/sop/operation/Encrypt.kt
@ -6,8 +6,9 @@ package sop.operation
 import java.io.IOException
 import java.io.InputStream
 import sop.EncryptionResult
 import sop.Profile
-import sop.Ready
+import sop.ReadyWithResult
 import sop.enums.EncryptAs
 import sop.exception.SOPGPException.*
 import sop.util.UTF8Util
@ -146,20 +147,22 @@ interface Encrypt {
     * Encrypt the given data yielding the ciphertext.
     *
     * @param plaintext plaintext
-     * @return input stream containing the ciphertext
+     * @return result and ciphertext
     * @throws IOException in case of an IO error
     * @throws KeyIsProtected if at least one signing key cannot be unlocked
     */
-    @Throws(IOException::class, KeyIsProtected::class) fun plaintext(plaintext: InputStream): Ready
+    @Throws(IOException::class, KeyIsProtected::class)
    fun plaintext(plaintext: InputStream): ReadyWithResult<EncryptionResult>
    /**
     * Encrypt the given data yielding the ciphertext.
     *
     * @param plaintext plaintext
-     * @return input stream containing the ciphertext
+     * @return result and ciphertext
     * @throws IOException in case of an IO error
     * @throws KeyIsProtected if at least one signing key cannot be unlocked
     */
    @Throws(IOException::class, KeyIsProtected::class)
-    fun plaintext(plaintext: ByteArray): Ready = plaintext(plaintext.inputStream())
+    fun plaintext(plaintext: ByteArray): ReadyWithResult<EncryptionResult> =
        plaintext(plaintext.inputStream())
 }
--- a/sop-java/src/testFixtures/java/sop/testsuite/operation/EncryptDecryptTest.java
+++ b/sop-java/src/testFixtures/java/sop/testsuite/operation/EncryptDecryptTest.java
@ -10,13 +10,16 @@ import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import sop.ByteArrayAndResult;
 import sop.DecryptionResult;
 import sop.EncryptionResult;
 import sop.SOP;
 import sop.SessionKey;
 import sop.Verification;
 import sop.enums.EncryptAs;
 import sop.enums.SignatureMode;
 import sop.exception.SOPGPException;
 import sop.testsuite.TestData;
 import sop.testsuite.assertions.VerificationListAssert;
 import sop.util.Optional;
 import sop.util.UTCUtil;
 import java.io.IOException;
@ -27,6 +30,7 @@ import java.util.List;
 import java.util.stream.Stream;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@ -41,18 +45,26 @@ public class EncryptDecryptTest extends AbstractSOPTest {
    @MethodSource("provideInstances")
    public void encryptDecryptRoundTripPasswordTest(SOP sop) throws IOException {
        byte[] message = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);
-        byte[] ciphertext = sop.encrypt()
+        ByteArrayAndResult<EncryptionResult> encResult = sop.encrypt()
                .withPassword("sw0rdf1sh")
                .plaintext(message)
-                .getBytes();
+                .toByteArrayAndResult();
-        byte[] plaintext = sop.decrypt()
+        byte[] ciphertext = encResult.getBytes();
        Optional<SessionKey> encSessionKey = encResult.getResult().getSessionKey();
        ByteArrayAndResult<DecryptionResult> decResult = sop.decrypt()
                .withPassword("sw0rdf1sh")
                .ciphertext(ciphertext)
-                .toByteArrayAndResult()
+                .toByteArrayAndResult();
-                .getBytes();
+
        byte[] plaintext = decResult.getBytes();
        Optional<SessionKey> decSessionKey = decResult.getResult().getSessionKey();
        assertArrayEquals(message, plaintext);
        if (encSessionKey.isPresent() && decSessionKey.isPresent()) {
            assertEquals(encSessionKey.get(), decSessionKey.get());
        }
    }
    @ParameterizedTest
@ -62,6 +74,7 @@ public class EncryptDecryptTest extends AbstractSOPTest {
        byte[] ciphertext = sop.encrypt()
                .withCert(TestData.ALICE_CERT.getBytes(StandardCharsets.UTF_8))
                .plaintext(message)
                .toByteArrayAndResult()
                .getBytes();
        ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt()
@ -83,6 +96,7 @@ public class EncryptDecryptTest extends AbstractSOPTest {
        byte[] ciphertext = sop.encrypt()
                .withCert(TestData.BOB_CERT.getBytes(StandardCharsets.UTF_8))
                .plaintext(message)
                .toByteArrayAndResult()
                .getBytes();
        byte[] plaintext = sop.decrypt()
@ -101,6 +115,7 @@ public class EncryptDecryptTest extends AbstractSOPTest {
        byte[] ciphertext = sop.encrypt()
                .withCert(TestData.CAROL_CERT.getBytes(StandardCharsets.UTF_8))
                .plaintext(message)
                .toByteArrayAndResult()
                .getBytes();
        byte[] plaintext = sop.decrypt()
@ -120,6 +135,7 @@ public class EncryptDecryptTest extends AbstractSOPTest {
                .withCert(TestData.ALICE_CERT.getBytes(StandardCharsets.UTF_8))
                .noArmor()
                .plaintext(message)
                .toByteArrayAndResult()
                .getBytes();
        byte[] armored = sop.armor()
@ -144,6 +160,7 @@ public class EncryptDecryptTest extends AbstractSOPTest {
                .signWith(TestData.ALICE_KEY.getBytes(StandardCharsets.UTF_8))
                .mode(EncryptAs.binary)
                .plaintext(message)
                .toByteArrayAndResult()
                .getBytes();
        ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt()
@ -175,6 +192,7 @@ public class EncryptDecryptTest extends AbstractSOPTest {
                .signWith(TestData.ALICE_KEY.getBytes(StandardCharsets.UTF_8))
                .mode(EncryptAs.text)
                .plaintext(message)
                .toByteArrayAndResult()
                .getBytes();
        ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt()
@ -215,6 +233,7 @@ public class EncryptDecryptTest extends AbstractSOPTest {
                .signWith(key)
                .withKeyPassword(keyPassword)
                .plaintext(message)
                .toByteArrayAndResult()
                .getBytes();
        ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt()
@ -305,6 +324,7 @@ public class EncryptDecryptTest extends AbstractSOPTest {
        assertThrows(SOPGPException.MissingArg.class, () -> sop.encrypt()
                .plaintext(message)
                .toByteArrayAndResult()
                .getBytes());
    }
 }