Package org.eclipse.jgit.gpg.bc.internal
Class BouncyCastleGpgKeyLocator
java.lang.Object
org.eclipse.jgit.gpg.bc.internal.BouncyCastleGpgKeyLocator
Locates GPG keys from either
~/.gnupg/private-keys-v1.d or
~/.gnupg/secring.gpg-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprivate static classThrown if a keybox file exists but doesn't contain an OpenPGP key. -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionBouncyCastleGpgKeyLocator(String signingKey, BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt) Create a new key locator for the specified signing key. -
Method Summary
Modifier and TypeMethodDescriptionprivate org.bouncycastle.openpgp.PGPSecretKeyattemptParseSecretKey(Path keyFile, org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider calculatorProvider, SecretKeys.PassphraseSupplier passphraseSupplier, org.bouncycastle.openpgp.PGPPublicKey publicKey) private static Pathprivate static booleancontainsIgnoreCase(String a, String b) (package private) static booleancontainsSigningKey(String userId, String signingKeySpec) Checks whether a given OpenPGPuserIdmatches a givensigningKeySpec, which is supposed to have one of the formats defined by GPG.private static Path(package private) static org.bouncycastle.openpgp.PGPPublicKeyfindPublicKey(String fingerprint, String keySpec) private static org.bouncycastle.openpgp.PGPPublicKeyfindPublicKeyByKeyId(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, String keyId) private static org.bouncycastle.openpgp.PGPPublicKeyfindPublicKeyByUserId(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, String keySpec) private static org.bouncycastle.openpgp.PGPPublicKeyfindPublicKeyInKeyBox(Path keyboxFile, String keyId, String keySpec) Finds a public key associated with the signing key.private static org.bouncycastle.openpgp.PGPPublicKeyfindPublicKeyInPubring(Path pubringFile, String keyId, String keySpec) Return the first public key matching the key id (signingKey.If there is a private key directory containing keys, use pubring.kbx or pubring.gpg to find the public key; then try to find the secret key in the directory.private BouncyCastleGpgKeyfindSecretKeyForKeyBoxPublicKey(org.bouncycastle.openpgp.PGPPublicKey publicKey, Path userKeyboxPath) private org.bouncycastle.openpgp.PGPSecretKeyfindSecretKeyInLegacySecring(String signingkey, Path secringFile) Return the first suitable key for signing in the key ring collection.private static org.bouncycastle.openpgp.PGPPublicKeygetPublicKey(org.bouncycastle.gpg.keybox.KeyBlob blob, byte[] fingerprint) private static org.bouncycastle.openpgp.PGPPublicKeygetSigningPublicKey(org.bouncycastle.gpg.keybox.KeyBlob blob) private booleanhasKeyFiles(Path dir) private static booleanisSigningKey(org.bouncycastle.openpgp.PGPPublicKey key) private BouncyCastleGpgKeyloadKeyFromSecring(Path secring) private static org.bouncycastle.gpg.keybox.KeyBoxreadKeyBoxFile(Path keyboxFile) private static StringtoFingerprint(String keyId)
-
Field Details
-
log
private static final org.slf4j.Logger log -
GPG_DIRECTORY
-
USER_KEYBOX_PATH
-
USER_SECRET_KEY_DIR
-
USER_PGP_PUBRING_FILE
-
USER_PGP_LEGACY_SECRING_FILE
-
signingKey
-
passphrasePrompt
-
-
Constructor Details
-
BouncyCastleGpgKeyLocator
public BouncyCastleGpgKeyLocator(String signingKey, @NonNull BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt) Create a new key locator for the specified signing key.The signing key must either be a hex representation of a specific key or a user identity substring (eg., email address). All keys in the KeyBox will be looked up in the order as returned by the KeyBox. A key id will be searched before attempting to find a key by user id.
- Parameters:
signingKey- the signing key to search forpassphrasePrompt- the provider to use when asking for key passphrase
-
-
Method Details
-
findGpgDirectory
-
checkDirectory
-
attemptParseSecretKey
private org.bouncycastle.openpgp.PGPSecretKey attemptParseSecretKey(Path keyFile, org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider calculatorProvider, SecretKeys.PassphraseSupplier passphraseSupplier, org.bouncycastle.openpgp.PGPPublicKey publicKey) throws IOException, org.bouncycastle.openpgp.PGPException, CanceledException, UnsupportedCredentialItem, URISyntaxException - Throws:
IOExceptionorg.bouncycastle.openpgp.PGPExceptionCanceledExceptionUnsupportedCredentialItemURISyntaxException
-
containsSigningKey
Checks whether a given OpenPGPuserIdmatches a givensigningKeySpec, which is supposed to have one of the formats defined by GPG.Not all formats are supported; only formats starting with '=', '<', '@', and '*' are handled. Any other format results in a case-insensitive substring match.
- Parameters:
userId- of a keysigningKeySpec- GPG key identification- Returns:
- whether the
userIdmatches - See Also:
-
containsIgnoreCase
-
toFingerprint
-
findPublicKey
static org.bouncycastle.openpgp.PGPPublicKey findPublicKey(String fingerprint, String keySpec) throws IOException, org.bouncycastle.openpgp.PGPException - Throws:
IOExceptionorg.bouncycastle.openpgp.PGPException
-
findPublicKeyByKeyId
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByKeyId(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, String keyId) throws IOException - Throws:
IOException
-
findPublicKeyByUserId
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByUserId(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, String keySpec) throws IOException - Throws:
IOException
-
findPublicKeyInKeyBox
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInKeyBox(Path keyboxFile, String keyId, String keySpec) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, BouncyCastleGpgKeyLocator.NoOpenPgpKeyException Finds a public key associated with the signing key.- Parameters:
keyboxFile- the KeyBox filekeyId- to look for, may be nullkeySpec- to look for- Returns:
- publicKey the public key (maybe
null) - Throws:
IOException- in case of problems reading the fileNoSuchAlgorithmExceptionNoSuchProviderExceptionBouncyCastleGpgKeyLocator.NoOpenPgpKeyException- if the file does not contain any OpenPGP key
-
findSecretKey
@NonNull public BouncyCastleGpgKey findSecretKey() throws IOException, NoSuchAlgorithmException, NoSuchProviderException, org.bouncycastle.openpgp.PGPException, CanceledException, UnsupportedCredentialItem, URISyntaxExceptionIf there is a private key directory containing keys, use pubring.kbx or pubring.gpg to find the public key; then try to find the secret key in the directory.If there is no private key directory (or it doesn't contain any keys), try to find the key in secring.gpg directly.
- Returns:
- the secret key
- Throws:
IOException- in case of issues reading key filesNoSuchAlgorithmExceptionNoSuchProviderExceptionorg.bouncycastle.openpgp.PGPException- in case of issues finding a key, including no key foundCanceledExceptionURISyntaxExceptionUnsupportedCredentialItem
-
hasKeyFiles
-
loadKeyFromSecring
private BouncyCastleGpgKey loadKeyFromSecring(Path secring) throws IOException, org.bouncycastle.openpgp.PGPException - Throws:
IOExceptionorg.bouncycastle.openpgp.PGPException
-
findSecretKeyForKeyBoxPublicKey
private BouncyCastleGpgKey findSecretKeyForKeyBoxPublicKey(org.bouncycastle.openpgp.PGPPublicKey publicKey, Path userKeyboxPath) throws org.bouncycastle.openpgp.PGPException, CanceledException, UnsupportedCredentialItem, URISyntaxException - Throws:
org.bouncycastle.openpgp.PGPExceptionCanceledExceptionUnsupportedCredentialItemURISyntaxException
-
findSecretKeyInLegacySecring
private org.bouncycastle.openpgp.PGPSecretKey findSecretKeyInLegacySecring(String signingkey, Path secringFile) throws IOException, org.bouncycastle.openpgp.PGPException Return the first suitable key for signing in the key ring collection. For this case we only expect there to be one key available for signing.- Parameters:
signingkey-secringFile-- Returns:
- the first suitable PGP secret key found for signing
- Throws:
IOException- on I/O related errorsorg.bouncycastle.openpgp.PGPException- on BouncyCastle errors
-
findPublicKeyInPubring
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInPubring(Path pubringFile, String keyId, String keySpec) throws IOException, org.bouncycastle.openpgp.PGPException Return the first public key matching the key id (signingKey.- Parameters:
pubringFile- to searchkeyId- to look for, may be nullkeySpec- to look for- Returns:
- the PGP public key, or
nullif none found - Throws:
IOException- on I/O related errorsorg.bouncycastle.openpgp.PGPException- on BouncyCastle errors
-
getPublicKey
private static org.bouncycastle.openpgp.PGPPublicKey getPublicKey(org.bouncycastle.gpg.keybox.KeyBlob blob, byte[] fingerprint) throws IOException - Throws:
IOException
-
getSigningPublicKey
private static org.bouncycastle.openpgp.PGPPublicKey getSigningPublicKey(org.bouncycastle.gpg.keybox.KeyBlob blob) throws IOException - Throws:
IOException
-
isSigningKey
private static boolean isSigningKey(org.bouncycastle.openpgp.PGPPublicKey key) -
readKeyBoxFile
private static org.bouncycastle.gpg.keybox.KeyBox readKeyBoxFile(Path keyboxFile) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, BouncyCastleGpgKeyLocator.NoOpenPgpKeyException
-