/**
* Reads private key from the provided InputStream
*
* @param input InputStream of the private key
* @return PGPSecretKey
* @throws LRException NO_KEY error if the key cannot be obtained from the input stream
*/
private PGPSecretKey readSecretKey(InputStream input) throws LRException {
PGPSecretKeyRingCollection pgpSec;
try {
pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(input));
} catch (Exception e) {
throw new LRException(LRException.NO_KEY);
}
java.util.Iterator keyRingIter = pgpSec.getKeyRings();
while (keyRingIter.hasNext()) {
PGPSecretKeyRing keyRing = (PGPSecretKeyRing) keyRingIter.next();
java.util.Iterator keyIter = keyRing.getSecretKeys();
while (keyIter.hasNext()) {
PGPSecretKey key = (PGPSecretKey) keyIter.next();
if (key.isSigningKey()) {
return key;
}
}
}
throw new LRException(LRException.NO_KEY);
}
/** Creates a {@link PersonalKey} from private and public key byte buffers. */
@SuppressWarnings("unchecked")
public static PersonalKey load(byte[] privateKeyData, char[] passphrase, byte[] bridgeCertData)
throws KonException, IOException, PGPException, CertificateException,
NoSuchProviderException {
PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, PGPUtils.FP_CALC);
PGPSecretKey authKey = null;
PGPSecretKey signKey = null;
PGPSecretKey encrKey = null;
// assign from key ring
Iterator<PGPSecretKey> skeys = secRing.getSecretKeys();
while (skeys.hasNext()) {
PGPSecretKey key = skeys.next();
if (key.isMasterKey()) {
// master key: authentication / legacy: signing
authKey = key;
} else {
// sub keys: encryption and signing / legacy: only encryption
int keyFlags = PGPUtils.getKeyFlags(key.getPublicKey());
if ((keyFlags & PGPKeyFlags.CAN_SIGN) == PGPKeyFlags.CAN_SIGN) signKey = key;
else encrKey = key;
}
}
// legacy: auth key is actually signing key
if (signKey == null && authKey != null && authKey.isSigningKey()) {
LOGGER.info("loading legacy key");
signKey = authKey;
}
if (authKey == null || signKey == null || encrKey == null)
throw new KonException(
KonException.Error.LOAD_KEY, new PGPException("could not found all keys in key data"));
// decrypt private
PGPDigestCalculatorProvider calcProv = new JcaPGPDigestCalculatorProviderBuilder().build();
PBESecretKeyDecryptor decryptor =
new JcePBESecretKeyDecryptorBuilder(calcProv)
.setProvider(PGPUtils.PROVIDER)
.build(passphrase);
PGPKeyPair authKeyPair = PGPUtils.decrypt(authKey, decryptor);
PGPKeyPair signKeyPair = PGPUtils.decrypt(signKey, decryptor);
PGPKeyPair encryptKeyPair = PGPUtils.decrypt(encrKey, decryptor);
// X.509 bridge certificate
X509Certificate bridgeCert = PGPUtils.loadX509Cert(bridgeCertData);
return new PersonalKey(authKeyPair, signKeyPair, encryptKeyPair, bridgeCert);
}
static PGPSecretKey readSecretKey() throws Exception {
InputStream input = new ByteArrayInputStream(getSecKeyRing());
PGPSecretKeyRingCollection pgpSec =
new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(input));
@SuppressWarnings("rawtypes")
Iterator keyRingIter = pgpSec.getKeyRings();
while (keyRingIter.hasNext()) {
PGPSecretKeyRing keyRing = (PGPSecretKeyRing) keyRingIter.next();
@SuppressWarnings("rawtypes")
Iterator keyIter = keyRing.getSecretKeys();
while (keyIter.hasNext()) {
PGPSecretKey key = (PGPSecretKey) keyIter.next();
if (key.isSigningKey()) {
return key;
}
}
}
throw new IllegalArgumentException("Can't find signing key in key ring.");
}
/**
* Returns the secret key matching the specified identifier.
*
* @param input the input stream containing the keyring collection
* @param keyId the 4 bytes identifier of the key
*/
private static PGPSecretKey getSecretKey(InputStream input, String keyId)
throws IOException, PGPException {
PGPSecretKeyRingCollection keyrings =
new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(input));
Iterator rIt = keyrings.getKeyRings();
while (rIt.hasNext()) {
PGPSecretKeyRing kRing = (PGPSecretKeyRing) rIt.next();
Iterator kIt = kRing.getSecretKeys();
while (kIt.hasNext()) {
PGPSecretKey key = (PGPSecretKey) kIt.next();
if (key.isSigningKey()
&& Long.toHexString(key.getKeyID() & 0xFFFFFFFFL).equals(keyId.toLowerCase())) {
return key;
}
}
}
return null;
}
