Package org.eclipse.jgit.gpg.bc.internal
Class BouncyCastleGpgKeyLocator
java.lang.Object
org.eclipse.jgit.gpg.bc.internal.BouncyCastleGpgKeyLocator
Locates GPG keys from either ~/.gnupg/private-keys-v1.d or ~/.gnupg/secring.gpg
-
Nested Class Summary
Nested Classes
private static class BouncyCastleGpgKeyLocator.NoOpenPgpKeyException - Thrown if a keybox file exists but doesn't contain an OpenPGP key.
-
Field Summary
Fields -
Constructor Summary
Constructors
BouncyCastleGpgKeyLocator(String signingKey, BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt) - Create a new key locator for the specified signing key.
-
Method Summary
Modifier and Type, Method - Description
private org.bouncycastle.openpgp.PGPSecretKey attemptParseSecretKey(Path keyFile, org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider calculatorProvider, SecretKeys.PassphraseSupplier passphraseSupplier, org.bouncycastle.openpgp.PGPPublicKey publicKey)
private static boolean containsIgnoreCase(String a, String b)
(package private) static boolean containsSigningKey(String userId, String signingKeySpec) - Checks whether a given OpenPGP userId matches a given signingKeySpec, which is supposed to have one of the formats defined by GPG.
private static Path
(package private) static org.bouncycastle.openpgp.PGPPublicKey findPublicKey(String fingerprint, String keySpec)
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByKeyId(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, String keyId)
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByUserId(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, String keySpec)
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInKeyBox(Path keyboxFile, String keyId, String keySpec) - Finds a public key associated with the signing key.
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInPubring(Path pubringFile, String keyId, String keySpec) - Return the first public key matching the key id (signingKey).
public BouncyCastleGpgKey findSecretKey() - If there is a private key directory containing keys, use pubring.kbx or pubring.gpg to find the public key; then try to find the secret key in the directory.
private BouncyCastleGpgKey findSecretKeyForKeyBoxPublicKey(org.bouncycastle.openpgp.PGPPublicKey publicKey, Path userKeyboxPath)
private org.bouncycastle.openpgp.PGPSecretKey findSecretKeyInLegacySecring(String signingkey, Path secringFile) - Return the first suitable key for signing in the key ring collection.
private static org.bouncycastle.openpgp.PGPPublicKey getPublicKey(org.bouncycastle.gpg.keybox.KeyBlob blob, byte[] fingerprint)
private static org.bouncycastle.openpgp.PGPPublicKey getSigningPublicKey(org.bouncycastle.gpg.keybox.KeyBlob blob)
private boolean hasKeyFiles(Path dir)
private static boolean isSigningKey(org.bouncycastle.openpgp.PGPPublicKey key)
private BouncyCastleGpgKey loadKeyFromSecring(Path secring)
private static org.bouncycastle.gpg.keybox.KeyBox readKeyBoxFile(Path keyboxFile)
private static String toFingerprint(String keyId)
-
Field Details
-
log
private static final org.slf4j.Logger log -
GPG_DIRECTORY
-
USER_KEYBOX_PATH
-
USER_SECRET_KEY_DIR
-
USER_PGP_PUBRING_FILE
-
USER_PGP_LEGACY_SECRING_FILE
-
signingKey
-
passphrasePrompt
-
-
Constructor Details
-
BouncyCastleGpgKeyLocator
public BouncyCastleGpgKeyLocator(String signingKey, @NonNull BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt)
Create a new key locator for the specified signing key.
The signing key must either be a hex representation of a specific key or a user identity substring (e.g., email address). All keys in the KeyBox will be looked up in the order returned by the KeyBox. A key id will be searched before attempting to find a key by user id.
Parameters:
signingKey - the signing key to search for
passphrasePrompt - the provider to use when asking for key passphrase
-
-
Method Details
-
findGpgDirectory
-
attemptParseSecretKey
private org.bouncycastle.openpgp.PGPSecretKey attemptParseSecretKey(Path keyFile, org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider calculatorProvider, SecretKeys.PassphraseSupplier passphraseSupplier, org.bouncycastle.openpgp.PGPPublicKey publicKey) throws IOException, org.bouncycastle.openpgp.PGPException, CanceledException, UnsupportedCredentialItem, URISyntaxException
Throws:
IOException
org.bouncycastle.openpgp.PGPException
CanceledException
UnsupportedCredentialItem
URISyntaxException
-
containsSigningKey
Checks whether a given OpenPGP userId matches a given signingKeySpec, which is supposed to have one of the formats defined by GPG.
Not all formats are supported; only formats starting with '=', '<', '@', and '*' are handled. Any other format results in a case-insensitive substring match.
Parameters:
userId - of a key
signingKeySpec - GPG key identification
Returns:
whether the userId matches
See Also:
-
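The matching rules described for containsSigningKey, combined with the constructor's note that keys are tried in KeyBox order, as an added example (not JGit's own code). `matches`, `email`, `firstMatch` and the user IDs are hypothetical; prefix meanings follow the GnuPG manual, and the case handling per prefix is an assumption. It shows an unprefixed spec selecting the first key whose user ID merely contains it, and an exact e-mail spec selecting the intended one.

```java
import java.util.List;
import java.util.Locale;
// Added illustration, not JGit's implementation. Prefix meanings follow the
// GnuPG manual; case handling per prefix is this example's assumption.
public class UserIdSpecDemo {
    // Hypothetical matcher for the four prefixes the Javadoc names.
    static boolean matches(String userId, String spec) {
        if (userId == null || spec == null || spec.isEmpty()) {
            return false;
        }
        String id = userId.toLowerCase(Locale.ROOT);
        String rest = spec.substring(1).toLowerCase(Locale.ROOT);
        switch (spec.charAt(0)) {
        case '=': // exact match on the whole user ID
            return userId.equals(spec.substring(1));
        case '<': { // exact match on the e-mail address, written <addr>
            String addr = rest.replaceAll(">$", "");
            return !addr.isEmpty() && email(id).equals(addr);
        }
        case '@': // substring match restricted to the e-mail address
            return !rest.isEmpty() && email(id).contains(rest);
        case '*': // explicit substring match on the whole user ID
            return !rest.isEmpty() && id.contains(rest);
        default: // no prefix: case-insensitive substring match
            return id.contains(spec.toLowerCase(Locale.ROOT));
        }
    }

    // Text between the last '<' and the next '>', or "" when there is none.
    static String email(String userId) {
        int open = userId.lastIndexOf('<');
        int close = userId.indexOf('>', open + 1);
        return open >= 0 && close > open ? userId.substring(open + 1, close) : "";
    }

    // First match wins, as when keys are tried in the order the store returns.
    static String firstMatch(List<String> userIds, String spec) {
        return userIds.stream().filter(u -> matches(u, spec)).findFirst().orElse(null);
    }

    public static void main(String[] args) {
        // Constructed user IDs in a constructed store order.
        List<String> ids = List.of("Pre-release Tester <qa@example.test>",
                "Release Signer <release@example.test>");
        for (String spec : List.of("release", "@example.test", "<release@example.test>")) {
            System.out.println(spec + " -> " + firstMatch(ids, spec));
        }
    }
}
```

For signing configuration, a full fingerprint or an exact `<address>` spec avoids depending on store order when several user IDs share a substring.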
containsIgnoreCase
-
toFingerprint
-
findPublicKey
static org.bouncycastle.openpgp.PGPPublicKey findPublicKey(String fingerprint, String keySpec) throws IOException, org.bouncycastle.openpgp.PGPException
Throws:
IOException
org.bouncycastle.openpgp.PGPException
-
findPublicKeyByKeyId
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByKeyId(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, String keyId) throws IOException
Throws:
IOException
-
findPublicKeyByUserId
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByUserId(org.bouncycastle.gpg.keybox.KeyBlob keyBlob, String keySpec) throws IOException
Throws:
IOException
-
findPublicKeyInKeyBox
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInKeyBox(Path keyboxFile, String keyId, String keySpec) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, BouncyCastleGpgKeyLocator.NoOpenPgpKeyException
Finds a public key associated with the signing key.
Parameters:
keyboxFile - the KeyBox file
keyId - to look for, may be null
keySpec - to look for
Returns:
the public key (may be null)
Throws:
IOException - in case of problems reading the file
NoSuchAlgorithmException
NoSuchProviderException
BouncyCastleGpgKeyLocator.NoOpenPgpKeyException - if the file does not contain any OpenPGP key
-
findSecretKey
@NonNull public BouncyCastleGpgKey findSecretKey() throws IOException, NoSuchAlgorithmException, NoSuchProviderException, org.bouncycastle.openpgp.PGPException, CanceledException, UnsupportedCredentialItem, URISyntaxException
If there is a private key directory containing keys, use pubring.kbx or pubring.gpg to find the public key; then try to find the secret key in the directory.
If there is no private key directory (or it doesn't contain any keys), try to find the key in secring.gpg directly.
Returns:
the secret key
Throws:
IOException - in case of issues reading key files
NoSuchAlgorithmException
NoSuchProviderException
org.bouncycastle.openpgp.PGPException - in case of issues finding a key, including no key found
CanceledException
URISyntaxException
UnsupportedCredentialItem
-
hasKeyFiles
-
loadKeyFromSecring
private BouncyCastleGpgKey loadKeyFromSecring(Path secring) throws IOException, org.bouncycastle.openpgp.PGPException
Throws:
IOException
org.bouncycastle.openpgp.PGPException
-
findSecretKeyForKeyBoxPublicKey
private BouncyCastleGpgKey findSecretKeyForKeyBoxPublicKey(org.bouncycastle.openpgp.PGPPublicKey publicKey, Path userKeyboxPath) throws org.bouncycastle.openpgp.PGPException, CanceledException, UnsupportedCredentialItem, URISyntaxException
Throws:
org.bouncycastle.openpgp.PGPException
CanceledException
UnsupportedCredentialItem
URISyntaxException
-
findSecretKeyInLegacySecring
private org.bouncycastle.openpgp.PGPSecretKey findSecretKeyInLegacySecring(String signingkey, Path secringFile) throws IOException, org.bouncycastle.openpgp.PGPException
Return the first suitable key for signing in the key ring collection. For this case we only expect there to be one key available for signing.
Parameters:
signingkey -
secringFile -
Returns:
the first suitable PGP secret key found for signing
Throws:
IOException - on I/O related errors
org.bouncycastle.openpgp.PGPException - on BouncyCastle errors
-
findPublicKeyInPubring
private static org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInPubring(Path pubringFile, String keyId, String keySpec) throws IOException, org.bouncycastle.openpgp.PGPException
Return the first public key matching the key id (signingKey).
Parameters:
pubringFile - to search
keyId - to look for, may be null
keySpec - to look for
Returns:
the PGP public key, or null if none found
Throws:
IOException - on I/O related errors
org.bouncycastle.openpgp.PGPException - on BouncyCastle errors
-
getPublicKey
private static org.bouncycastle.openpgp.PGPPublicKey getPublicKey(org.bouncycastle.gpg.keybox.KeyBlob blob, byte[] fingerprint) throws IOException
Throws:
IOException
-
getSigningPublicKey
private static org.bouncycastle.openpgp.PGPPublicKey getSigningPublicKey(org.bouncycastle.gpg.keybox.KeyBlob blob) throws IOException
Throws:
IOException
-
isSigningKey
private static boolean isSigningKey(org.bouncycastle.openpgp.PGPPublicKey key)
-
readKeyBoxFile
private static org.bouncycastle.gpg.keybox.KeyBox readKeyBoxFile(Path keyboxFile) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, BouncyCastleGpgKeyLocator.NoOpenPgpKeyException
-