Package org.eclipse.jgit.gpg.bc.internal

Class BouncyCastleGpgKeyLocator

  • public class BouncyCastleGpgKeyLocator
extends java.lang.Object
    Locates GPG keys from either ~/.gnupg/private-keys-v1.d or ~/.gnupg/secring.gpg

    • Field Detail

      • log

        private static final org.slf4j.Logger log

      • GPG_DIRECTORY

        private static final java.nio.file.Path GPG_DIRECTORY

      • USER_KEYBOX_PATH

        private static final java.nio.file.Path USER_KEYBOX_PATH

      • USER_SECRET_KEY_DIR

        private static final java.nio.file.Path USER_SECRET_KEY_DIR

      • USER_PGP_PUBRING_FILE

        private static final java.nio.file.Path USER_PGP_PUBRING_FILE

      • USER_PGP_LEGACY_SECRING_FILE

        private static final java.nio.file.Path USER_PGP_LEGACY_SECRING_FILE

      • signingKey

        private final java.lang.String signingKey

    • Constructor Detail

      • BouncyCastleGpgKeyLocator

        public BouncyCastleGpgKeyLocator​(java.lang.String signingKey,
                                 @NonNull
                                 BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt)
        Create a new key locator for the specified signing key.

        The signing key must either be a hex representation of a specific key or a user identity substring (eg., email address). All keys in the KeyBox will be looked up in the order as returned by the KeyBox. A key id will be searched before attempting to find a key by user id.

        Parameters:
        signingKey - the signing key to search for
        passphrasePrompt - the provider to use when asking for key passphrase

    • Method Detail

      • findGpgDirectory

        private static java.nio.file.Path findGpgDirectory()

      • attemptParseSecretKey

        private org.bouncycastle.openpgp.PGPSecretKey attemptParseSecretKey​(java.nio.file.Path keyFile,
                                                                    org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider calculatorProvider,
                                                                    org.bouncycastle.openpgp.operator.PBEProtectionRemoverFactory passphraseProvider,
                                                                    org.bouncycastle.openpgp.PGPPublicKey publicKey)

      • containsSigningKey

        static boolean containsSigningKey​(java.lang.String userId,
                                  java.lang.String signingKeySpec)
        Checks whether a given OpenPGP userId matches a given signingKeySpec, which is supposed to have one of the formats defined by GPG.

        Not all formats are supported; only formats starting with '=', '<', '@', and '*' are handled. Any other format results in a case-insensitive substring match.

        Parameters:
        userId - of a key
        signingKeySpec - GPG key identification
        Returns:
        whether the userId matches
        See Also:
        GPG Documentation: How to Specify a User ID

      • toFingerprint

        private java.lang.String toFingerprint​(java.lang.String keyId)

      • findPublicKeyByKeyId

        private org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByKeyId​(org.bouncycastle.gpg.keybox.KeyBlob keyBlob)
                                                            throws java.io.IOException
        Throws:
        java.io.IOException

      • findPublicKeyByUserId

        private org.bouncycastle.openpgp.PGPPublicKey findPublicKeyByUserId​(org.bouncycastle.gpg.keybox.KeyBlob keyBlob)
                                                             throws java.io.IOException
        Throws:
        java.io.IOException

      • findPublicKeyInKeyBox

        private org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInKeyBox​(java.nio.file.Path keyboxFile)
                                                             throws java.io.IOException,
                                                                    java.security.NoSuchAlgorithmException,
                                                                    java.security.NoSuchProviderException,
                                                                    BouncyCastleGpgKeyLocator.NoOpenPgpKeyException
        Finds a public key associated with the signing key.
        Parameters:
        keyboxFile - the KeyBox file
        Returns:
        publicKey the public key (maybe null)
        Throws:
        java.io.IOException - in case of problems reading the file
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        BouncyCastleGpgKeyLocator.NoOpenPgpKeyException - if the file does not contain any OpenPGP key

      • findSecretKey

        @NonNull
public BouncyCastleGpgKey findSecretKey()
                                 throws java.io.IOException,
                                        java.security.NoSuchAlgorithmException,
                                        java.security.NoSuchProviderException,
                                        org.bouncycastle.openpgp.PGPException,
                                        CanceledException,
                                        UnsupportedCredentialItem,
                                        java.net.URISyntaxException
        If there is a private key directory containing keys, use pubring.kbx or pubring.gpg to find the public key; then try to find the secret key in the directory.

        If there is no private key directory (or it doesn't contain any keys), try to find the key in secring.gpg directly.

        Returns:
        the secret key
        Throws:
        java.io.IOException - in case of issues reading key files
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        org.bouncycastle.openpgp.PGPException - in case of issues finding a key, including no key found
        CanceledException
        java.net.URISyntaxException
        UnsupportedCredentialItem

      • hasKeyFiles

        private boolean hasKeyFiles​(java.nio.file.Path dir)

      • loadKeyFromSecring

        private BouncyCastleGpgKey loadKeyFromSecring​(java.nio.file.Path secring)
                                       throws java.io.IOException,
                                              org.bouncycastle.openpgp.PGPException
        Throws:
        java.io.IOException
        org.bouncycastle.openpgp.PGPException

      • findSecretKeyInLegacySecring

        private org.bouncycastle.openpgp.PGPSecretKey findSecretKeyInLegacySecring​(java.lang.String signingkey,
                                                                           java.nio.file.Path secringFile)
                                                                    throws java.io.IOException,
                                                                           org.bouncycastle.openpgp.PGPException
        Return the first suitable key for signing in the key ring collection. For this case we only expect there to be one key available for signing.

        Parameters:
        signingkey -
        secringFile -
        Returns:
        the first suitable PGP secret key found for signing
        Throws:
        java.io.IOException - on I/O related errors
        org.bouncycastle.openpgp.PGPException - on BouncyCastle errors

      • findPublicKeyInPubring

        private org.bouncycastle.openpgp.PGPPublicKey findPublicKeyInPubring​(java.nio.file.Path pubringFile)
                                                              throws java.io.IOException,
                                                                     org.bouncycastle.openpgp.PGPException
        Return the first public key matching the key id (signingKey.
        Parameters:
        pubringFile -
        Returns:
        the PGP public key, or null if none found
        Throws:
        java.io.IOException - on I/O related errors
        org.bouncycastle.openpgp.PGPException - on BouncyCastle errors

      • getPublicKey

        private org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(org.bouncycastle.gpg.keybox.KeyBlob blob,
                                                           byte[] fingerprint)
                                                    throws java.io.IOException
        Throws:
        java.io.IOException

      • getSigningPublicKey

        private org.bouncycastle.openpgp.PGPPublicKey getSigningPublicKey​(org.bouncycastle.gpg.keybox.KeyBlob blob)
                                                           throws java.io.IOException
        Throws:
        java.io.IOException

      • isSigningKey

        private boolean isSigningKey​(org.bouncycastle.openpgp.PGPPublicKey key)