Class BouncyCastleGpgKeyLocator


  • public class BouncyCastleGpgKeyLocator
    extends java.lang.Object
    Locates GPG keys from either ~/.gnupg/private-keys-v1.d or ~/.gnupg/secring.gpg
    • Method Summary

      Modifier and Type Method Description
      private org.bouncycastle.openpgp.PGPSecretKey attemptParseSecretKey​(java.nio.file.Path keyFile, org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider calculatorProvider, SecretKeys.PassphraseSupplier passphraseSupplier, org.bouncycastle.openpgp.PGPPublicKey publicKey)  
      private static boolean containsIgnoreCase​(java.lang.String a, java.lang.String b)  
      (package private) static boolean containsSigningKey​(java.lang.String userId, java.lang.String signingKeySpec)
      Checks whether a given OpenPGP userId matches a given signingKeySpec, which is supposed to have one of the formats defined by GPG.
      private static java.nio.file.Path findGpgDirectory()  
      (package private) static org.bouncycastle.openpgp.PGPPublicKey findPublicKey​(java.lang.String fingerprint, java.lang.String keySpec)  
      private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByKeyId​(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, java.lang.String keyId)  
      private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByUserId​(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, java.lang.String keySpec)  
      private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInKeyBox​(java.nio.file.Path keyboxFile, java.lang.String keyId, java.lang.String keySpec)
      Finds a public key associated with the signing key.
      private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInPubring​(java.nio.file.Path pubringFile, java.lang.String keyId, java.lang.String keySpec)
      Return the first public key matching the key id (signingKey.
      BouncyCastleGpgKey findSecretKey()
      If there is a private key directory containing keys, use pubring.kbx or pubring.gpg to find the public key; then try to find the secret key in the directory.
      private BouncyCastleGpgKey findSecretKeyForKeyBoxPublicKey​(org.bouncycastle.openpgp.PGPPublicKey publicKey, java.nio.file.Path userKeyboxPath)  
      private org.bouncycastle.openpgp.PGPSecretKey findSecretKeyInLegacySecring​(java.lang.String signingkey, java.nio.file.Path secringFile)
      Return the first suitable key for signing in the key ring collection.
      private static org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(org.bouncycastle.gpg.keybox.KeyBlob blob, byte[] fingerprint)  
      private static org.bouncycastle.openpgp.PGPPublicKey getSigningPublicKey​(org.bouncycastle.gpg.keybox.KeyBlob blob)  
      private boolean hasKeyFiles​(java.nio.file.Path dir)  
      private static boolean isSigningKey​(org.bouncycastle.openpgp.PGPPublicKey key)  
      private BouncyCastleGpgKey loadKeyFromSecring​(java.nio.file.Path secring)  
      private static org.bouncycastle.gpg.keybox.KeyBox readKeyBoxFile​(java.nio.file.Path keyboxFile)  
      private static java.lang.String toFingerprint​(java.lang.String keyId)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • log

        private static final org.slf4j.Logger log
      • GPG_DIRECTORY

        static final java.nio.file.Path GPG_DIRECTORY
      • USER_KEYBOX_PATH

        private static final java.nio.file.Path USER_KEYBOX_PATH
      • USER_SECRET_KEY_DIR

        private static final java.nio.file.Path USER_SECRET_KEY_DIR
      • USER_PGP_PUBRING_FILE

        private static final java.nio.file.Path USER_PGP_PUBRING_FILE
      • USER_PGP_LEGACY_SECRING_FILE

        private static final java.nio.file.Path USER_PGP_LEGACY_SECRING_FILE
      • signingKey

        private final java.lang.String signingKey
    • Constructor Detail

      • BouncyCastleGpgKeyLocator

        public BouncyCastleGpgKeyLocator​(java.lang.String signingKey,
                                         @NonNull
                                         BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt)
        Create a new key locator for the specified signing key.

        The signing key must either be a hex representation of a specific key or a user identity substring (e.g., an email address). All keys in the KeyBox will be looked up in the order returned by the KeyBox. A key id will be searched before attempting to find a key by user id.

        Parameters:
        signingKey - the signing key to search for
        passphrasePrompt - the provider to use when asking for key passphrase
    • Method Detail

      • findGpgDirectory

        private static java.nio.file.Path findGpgDirectory()
      • attemptParseSecretKey

        private org.bouncycastle.openpgp.PGPSecretKey attemptParseSecretKey​(java.nio.file.Path keyFile,
                                                                            org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider calculatorProvider,
                                                                            SecretKeys.PassphraseSupplier passphraseSupplier,
                                                                            org.bouncycastle.openpgp.PGPPublicKey publicKey)
                                                                     throws java.io.IOException,
                                                                            org.bouncycastle.openpgp.PGPException,
                                                                            CanceledException,
                                                                            UnsupportedCredentialItem,
                                                                            java.net.URISyntaxException
        Throws:
        java.io.IOException
        org.bouncycastle.openpgp.PGPException
        CanceledException
        UnsupportedCredentialItem
        java.net.URISyntaxException
      • containsSigningKey

        static boolean containsSigningKey​(java.lang.String userId,
                                          java.lang.String signingKeySpec)
        Checks whether a given OpenPGP userId matches a given signingKeySpec, which is supposed to have one of the formats defined by GPG.

        Not all formats are supported; only formats starting with '=', '<', '@', and '*' are handled. Any other format results in a case-insensitive substring match.

        Parameters:
        userId - of a key
        signingKeySpec - GPG key identification
        Returns:
        whether the userId matches
        See Also:
        GPG Documentation: How to Specify a User ID
      • containsIgnoreCase

        private static boolean containsIgnoreCase​(java.lang.String a,
                                                  java.lang.String b)
      • toFingerprint

        private static java.lang.String toFingerprint​(java.lang.String keyId)
      • findPublicKey

        static org.bouncycastle.openpgp.PGPPublicKey findPublicKey​(java.lang.String fingerprint,
                                                                   java.lang.String keySpec)
                                                            throws java.io.IOException,
                                                                   org.bouncycastle.openpgp.PGPException
        Throws:
        java.io.IOException
        org.bouncycastle.openpgp.PGPException
      • findPublicKeyByKeyId

        private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByKeyId​(org.bouncycastle.gpg.keybox.KeyBlob keyBlob,
                                                                                  java.lang.String keyId)
                                                                           throws java.io.IOException
        Throws:
        java.io.IOException
      • findPublicKeyByUserId

        private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByUserId​(org.bouncycastle.gpg.keybox.KeyBlob keyBlob,
                                                                                   java.lang.String keySpec)
                                                                            throws java.io.IOException
        Throws:
        java.io.IOException
      • findPublicKeyInKeyBox

        private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInKeyBox​(java.nio.file.Path keyboxFile,
                                                                                   java.lang.String keyId,
                                                                                   java.lang.String keySpec)
                                                                            throws java.io.IOException,
                                                                                   java.security.NoSuchAlgorithmException,
                                                                                   java.security.NoSuchProviderException,
                                                                                   BouncyCastleGpgKeyLocator.NoOpenPgpKeyException
        Finds a public key associated with the signing key.
        Parameters:
        keyboxFile - the KeyBox file
        keyId - to look for, may be null
        keySpec - to look for
        Returns:
        the public key (may be null)
        Throws:
        java.io.IOException - in case of problems reading the file
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        BouncyCastleGpgKeyLocator.NoOpenPgpKeyException - if the file does not contain any OpenPGP key
      • findSecretKey

        @NonNull
        public BouncyCastleGpgKey findSecretKey()
                                         throws java.io.IOException,
                                                java.security.NoSuchAlgorithmException,
                                                java.security.NoSuchProviderException,
                                                org.bouncycastle.openpgp.PGPException,
                                                CanceledException,
                                                UnsupportedCredentialItem,
                                                java.net.URISyntaxException
        If there is a private key directory containing keys, use pubring.kbx or pubring.gpg to find the public key; then try to find the secret key in the directory.

        If there is no private key directory (or it doesn't contain any keys), try to find the key in secring.gpg directly.

        Returns:
        the secret key
        Throws:
        java.io.IOException - in case of issues reading key files
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        org.bouncycastle.openpgp.PGPException - in case of issues finding a key, including no key found
        CanceledException
        java.net.URISyntaxException
        UnsupportedCredentialItem
      • hasKeyFiles

        private boolean hasKeyFiles​(java.nio.file.Path dir)
      • loadKeyFromSecring

        private BouncyCastleGpgKey loadKeyFromSecring​(java.nio.file.Path secring)
                                               throws java.io.IOException,
                                                      org.bouncycastle.openpgp.PGPException
        Throws:
        java.io.IOException
        org.bouncycastle.openpgp.PGPException
      • findSecretKeyInLegacySecring

        private org.bouncycastle.openpgp.PGPSecretKey findSecretKeyInLegacySecring​(java.lang.String signingkey,
                                                                                   java.nio.file.Path secringFile)
                                                                            throws java.io.IOException,
                                                                                   org.bouncycastle.openpgp.PGPException
        Return the first suitable key for signing in the key ring collection. For this case we only expect there to be one key available for signing.

        Parameters:
        signingkey -
        secringFile -
        Returns:
        the first suitable PGP secret key found for signing
        Throws:
        java.io.IOException - on I/O related errors
        org.bouncycastle.openpgp.PGPException - on BouncyCastle errors
      • findPublicKeyInPubring

        private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInPubring​(java.nio.file.Path pubringFile,
                                                                                    java.lang.String keyId,
                                                                                    java.lang.String keySpec)
                                                                             throws java.io.IOException,
                                                                                    org.bouncycastle.openpgp.PGPException
        Return the first public key matching the key id (signingKey.
        Parameters:
        pubringFile - to search
        keyId - to look for, may be null
        keySpec - to look for
        Returns:
        the PGP public key, or null if none found
        Throws:
        java.io.IOException - on I/O related errors
        org.bouncycastle.openpgp.PGPException - on BouncyCastle errors
      • getPublicKey

        private static org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(org.bouncycastle.gpg.keybox.KeyBlob blob,
                                                                          byte[] fingerprint)
                                                                   throws java.io.IOException
        Throws:
        java.io.IOException
      • getSigningPublicKey

        private static org.bouncycastle.openpgp.PGPPublicKey getSigningPublicKey​(org.bouncycastle.gpg.keybox.KeyBlob blob)
                                                                          throws java.io.IOException
        Throws:
        java.io.IOException
      • isSigningKey

        private static boolean isSigningKey​(org.bouncycastle.openpgp.PGPPublicKey key)
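
The user ID matching described for containsSigningKey above, as an added example that is not JGit's own code: a stand-alone sketch of the four prefixed formats ('=', '<', '@', '*') and the case-insensitive substring fallback, following the semantics in GPG's "How to Specify a User ID". The class name `UserIdSpecDemo`, its helpers, the constructed user IDs and the case-insensitive comparison of email addresses are assumptions.

```java
import java.util.List;
import java.util.Locale;

/** Hypothetical demo class (not part of JGit): GPG-style user ID matching. */
public class UserIdSpecDemo {

    /** Text between the first '<' and the next '>', or null if absent. */
    static String email(String userId) {
        int begin = userId.indexOf('<');
        int end = userId.indexOf('>', begin + 1);
        return (begin >= 0 && end > begin + 1) ? userId.substring(begin + 1, end) : null;
    }

    static boolean containsIgnoreCase(String a, String b) {
        return a.toLowerCase(Locale.ROOT).contains(b.toLowerCase(Locale.ROOT));
    }

    static boolean matches(String userId, String spec) {
        if (userId == null || spec == null || spec.isEmpty()) return false;
        char prefix = spec.charAt(0);
        boolean prefixed = "=<@*".indexOf(prefix) >= 0;
        String rest = prefixed ? spec.substring(1) : spec;
        if (rest.trim().isEmpty()) return false;       // nothing left to match on
        String mail = email(userId);
        switch (prefix) {
        case '=':                                      // exact match on the whole user ID
            return userId.equals(rest);
        case '<': {                                    // exact match on the email address
            int stop = rest.indexOf('>');
            return mail != null && stop > 0
                    && mail.equalsIgnoreCase(rest.substring(0, stop)); // assumption: ignore case
        }
        case '@':                                      // partial match on the email address
            return mail != null && containsIgnoreCase(mail, rest);
        default:                                       // '*' and unprefixed: substring match
            return containsIgnoreCase(userId, rest);
        }
    }

    public static void main(String[] args) {
        // Constructed sample user IDs.
        List<String> userIds = List.of("Alice Example <alice@example.org>",
                "Mallory <malice@example.org>");
        for (String spec : List.of("alice", "@alice", "<alice@example.org>",
                "=Alice Example <alice@example.org>"))
            for (String uid : userIds)
                System.out.printf("%-36s %-34s %b%n", spec, uid, matches(uid, spec));
    }
}
```

With these constructed IDs, the unprefixed and '@' specs match both entries, while the '<' and '=' forms match only the first. A signing key configured as a loose substring can therefore resolve to whichever matching key the KeyBox returns first; an exact form or a hex key id, which is searched before user ids, avoids that ambiguity.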