crypto: consistently use secret key nomenclature
This commit is contained in:
Harsh Shandilya
parent
1f4ed1b194
commit
15f2489550
8 changed files with 41 additions and 42 deletions
|
|
@ -14,13 +14,13 @@ import java.io.OutputStream
|
|||
public interface CryptoHandler<Key> {
|
||||
|
||||
/**
|
||||
* Decrypt the given [ciphertextStream] using a [privateKey] and [passphrase], and writes the
|
||||
* Decrypt the given [ciphertextStream] using a [secretKey] and [passphrase], and writes the
|
||||
* resultant plaintext to [outputStream]. The returned [Result] should be checked to ensure it is
|
||||
* **not** an instance of [com.github.michaelbull.result.Err] before the contents of
|
||||
* [outputStream] are used.
|
||||
*/
|
||||
public fun decrypt(
|
||||
privateKey: Key,
|
||||
secretKey: Key,
|
||||
passphrase: String,
|
||||
ciphertextStream: InputStream,
|
||||
outputStream: OutputStream,
|
||||
|
|
|
|||
|
|
@ -31,13 +31,13 @@ import org.pgpainless.util.Passphrase
|
|||
public class PGPainlessCryptoHandler @Inject constructor() : CryptoHandler<PGPKey> {
|
||||
|
||||
public override fun decrypt(
|
||||
privateKey: PGPKey,
|
||||
secretKey: PGPKey,
|
||||
passphrase: String,
|
||||
ciphertextStream: InputStream,
|
||||
outputStream: OutputStream,
|
||||
): Result<Unit, CryptoHandlerException> =
|
||||
runCatching {
|
||||
val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents)
|
||||
val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(secretKey.contents)
|
||||
val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing))
|
||||
val protector =
|
||||
PasswordBasedSecretKeyRingProtector.forKey(
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ package app.passwordstore.crypto
|
|||
|
||||
import app.passwordstore.crypto.KeyUtils.tryGetId
|
||||
import app.passwordstore.crypto.KeyUtils.tryParseKeyring
|
||||
import app.passwordstore.crypto.TestUtils.getArmoredPrivateKeyWithMultipleIdentities
|
||||
import app.passwordstore.crypto.TestUtils.getArmoredSecretKeyWithMultipleIdentities
|
||||
import kotlin.test.Test
|
||||
import kotlin.test.assertEquals
|
||||
import kotlin.test.assertIs
|
||||
|
|
@ -12,7 +12,7 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing
|
|||
class KeyUtilsTest {
|
||||
@Test
|
||||
fun parseKeyWithMultipleIdentities() {
|
||||
val key = PGPKey(getArmoredPrivateKeyWithMultipleIdentities())
|
||||
val key = PGPKey(getArmoredSecretKeyWithMultipleIdentities())
|
||||
val keyring = tryParseKeyring(key)
|
||||
assertNotNull(keyring)
|
||||
assertIs<PGPSecretKeyRing>(keyring)
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@ package app.passwordstore.crypto
|
|||
|
||||
import app.passwordstore.crypto.GpgIdentifier.KeyId
|
||||
import app.passwordstore.crypto.GpgIdentifier.UserId
|
||||
import app.passwordstore.crypto.TestUtils.getArmoredPrivateKeyWithMultipleIdentities
|
||||
import app.passwordstore.crypto.errors.KeyAlreadyExistsException
|
||||
import app.passwordstore.crypto.errors.KeyNotFoundException
|
||||
import app.passwordstore.crypto.errors.NoKeysAvailableException
|
||||
|
|
@ -32,12 +31,12 @@ import org.junit.rules.TemporaryFolder
|
|||
class PGPKeyManagerTest {
|
||||
|
||||
@get:Rule val temporaryFolder: TemporaryFolder = TemporaryFolder()
|
||||
private val filesDir by unsafeLazy { temporaryFolder.root }
|
||||
private val keysDir by unsafeLazy { File(filesDir, PGPKeyManager.KEY_DIR_NAME) }
|
||||
private val dispatcher = StandardTestDispatcher()
|
||||
private val scope = TestScope(dispatcher)
|
||||
private val filesDir by unsafeLazy { temporaryFolder.root }
|
||||
private val keysDir by unsafeLazy { File(filesDir, PGPKeyManager.KEY_DIR_NAME) }
|
||||
private val keyManager by unsafeLazy { PGPKeyManager(filesDir.absolutePath, dispatcher) }
|
||||
private val privateKey = PGPKey(TestUtils.getArmoredPrivateKey())
|
||||
private val secretKey = PGPKey(TestUtils.getArmoredSecretKey())
|
||||
private val publicKey = PGPKey(TestUtils.getArmoredPublicKey())
|
||||
|
||||
private fun <T> unsafeLazy(initializer: () -> T) =
|
||||
|
|
@ -57,7 +56,7 @@ class PGPKeyManagerTest {
|
|||
fun addKey() =
|
||||
scope.runTest {
|
||||
// Check if the key id returned is correct
|
||||
val keyId = keyManager.getKeyId(keyManager.addKey(privateKey).unwrap())
|
||||
val keyId = keyManager.getKeyId(keyManager.addKey(secretKey).unwrap())
|
||||
assertEquals(KeyId(CryptoConstants.KEY_ID), keyId)
|
||||
|
||||
// Check if the keys directory have one file
|
||||
|
|
@ -72,8 +71,8 @@ class PGPKeyManagerTest {
|
|||
fun addKeyWithoutReplaceFlag() =
|
||||
scope.runTest {
|
||||
// Check adding the keys twice
|
||||
keyManager.addKey(privateKey, false).unwrap()
|
||||
val error = keyManager.addKey(privateKey, false).unwrapError()
|
||||
keyManager.addKey(secretKey, false).unwrap()
|
||||
val error = keyManager.addKey(secretKey, false).unwrapError()
|
||||
|
||||
assertIs<KeyAlreadyExistsException>(error)
|
||||
}
|
||||
|
|
@ -82,8 +81,8 @@ class PGPKeyManagerTest {
|
|||
fun addKeyWithReplaceFlag() =
|
||||
scope.runTest {
|
||||
// Check adding the keys twice
|
||||
keyManager.addKey(privateKey, true).unwrap()
|
||||
val keyId = keyManager.getKeyId(keyManager.addKey(privateKey, true).unwrap())
|
||||
keyManager.addKey(secretKey, true).unwrap()
|
||||
val keyId = keyManager.getKeyId(keyManager.addKey(secretKey, true).unwrap())
|
||||
|
||||
assertEquals(KeyId(CryptoConstants.KEY_ID), keyId)
|
||||
}
|
||||
|
|
@ -92,10 +91,10 @@ class PGPKeyManagerTest {
|
|||
fun removeKey() =
|
||||
scope.runTest {
|
||||
// Add key using KeyManager
|
||||
keyManager.addKey(privateKey).unwrap()
|
||||
keyManager.addKey(secretKey).unwrap()
|
||||
|
||||
// Check if the key id returned is correct
|
||||
val keyId = keyManager.getKeyId(keyManager.removeKey(privateKey).unwrap())
|
||||
val keyId = keyManager.getKeyId(keyManager.removeKey(secretKey).unwrap())
|
||||
assertEquals(KeyId(CryptoConstants.KEY_ID), keyId)
|
||||
|
||||
// Check if the keys directory have 0 files
|
||||
|
|
@ -107,42 +106,42 @@ class PGPKeyManagerTest {
|
|||
fun getKeyById() =
|
||||
scope.runTest {
|
||||
// Add key using KeyManager
|
||||
keyManager.addKey(privateKey).unwrap()
|
||||
keyManager.addKey(secretKey).unwrap()
|
||||
|
||||
val keyId = keyManager.getKeyId(privateKey)
|
||||
val keyId = keyManager.getKeyId(secretKey)
|
||||
assertNotNull(keyId)
|
||||
assertEquals(KeyId(CryptoConstants.KEY_ID), keyManager.getKeyId(privateKey))
|
||||
assertEquals(KeyId(CryptoConstants.KEY_ID), keyManager.getKeyId(secretKey))
|
||||
|
||||
// Check returned key id matches the expected id and the created key id
|
||||
val returnedKey = keyManager.getKeyById(keyId).unwrap()
|
||||
assertEquals(keyManager.getKeyId(privateKey), keyManager.getKeyId(returnedKey))
|
||||
assertEquals(keyManager.getKeyId(secretKey), keyManager.getKeyId(returnedKey))
|
||||
}
|
||||
|
||||
@Test
|
||||
fun getKeyByFullUserId() =
|
||||
scope.runTest {
|
||||
keyManager.addKey(privateKey).unwrap()
|
||||
keyManager.addKey(secretKey).unwrap()
|
||||
|
||||
val keyId = "${CryptoConstants.KEY_NAME} <${CryptoConstants.KEY_EMAIL}>"
|
||||
val returnedKey = keyManager.getKeyById(UserId(keyId)).unwrap()
|
||||
assertEquals(keyManager.getKeyId(privateKey), keyManager.getKeyId(returnedKey))
|
||||
assertEquals(keyManager.getKeyId(secretKey), keyManager.getKeyId(returnedKey))
|
||||
}
|
||||
|
||||
@Test
|
||||
fun getKeyByEmailUserId() =
|
||||
scope.runTest {
|
||||
keyManager.addKey(privateKey).unwrap()
|
||||
keyManager.addKey(secretKey).unwrap()
|
||||
|
||||
val keyId = CryptoConstants.KEY_EMAIL
|
||||
val returnedKey = keyManager.getKeyById(UserId(keyId)).unwrap()
|
||||
assertEquals(keyManager.getKeyId(privateKey), keyManager.getKeyId(returnedKey))
|
||||
assertEquals(keyManager.getKeyId(secretKey), keyManager.getKeyId(returnedKey))
|
||||
}
|
||||
|
||||
@Test
|
||||
fun getNonExistentKey() =
|
||||
scope.runTest {
|
||||
// Add key using KeyManager
|
||||
keyManager.addKey(privateKey).unwrap()
|
||||
keyManager.addKey(secretKey).unwrap()
|
||||
|
||||
val keyId = KeyId(0x08edf7567183ce44)
|
||||
|
||||
|
|
@ -169,8 +168,8 @@ class PGPKeyManagerTest {
|
|||
assertEquals(0, noKeyList.size)
|
||||
|
||||
// Add key using KeyManager
|
||||
keyManager.addKey(privateKey).unwrap()
|
||||
keyManager.addKey(PGPKey(getArmoredPrivateKeyWithMultipleIdentities())).unwrap()
|
||||
keyManager.addKey(secretKey).unwrap()
|
||||
keyManager.addKey(PGPKey(TestUtils.getArmoredSecretKeyWithMultipleIdentities())).unwrap()
|
||||
|
||||
// Check if KeyManager returns one key
|
||||
val singleKeyList = keyManager.getAllKeys().unwrap()
|
||||
|
|
@ -180,7 +179,7 @@ class PGPKeyManagerTest {
|
|||
@Test
|
||||
fun getMultipleIdentityKeyWithAllIdentities() {
|
||||
scope.runTest {
|
||||
val key = PGPKey(getArmoredPrivateKeyWithMultipleIdentities())
|
||||
val key = PGPKey(TestUtils.getArmoredSecretKeyWithMultipleIdentities())
|
||||
keyManager.addKey(key).unwrap()
|
||||
|
||||
val johnKey = keyManager.getKeyById(UserId("john@doe.org")).unwrap()
|
||||
|
|
@ -191,9 +190,9 @@ class PGPKeyManagerTest {
|
|||
}
|
||||
|
||||
@Test
|
||||
fun replacePrivateKeyWithPublicKey() {
|
||||
fun replaceSecretKeyWithPublicKey() {
|
||||
scope.runTest {
|
||||
assertIs<Ok<PGPKey>>(keyManager.addKey(privateKey))
|
||||
assertIs<Ok<PGPKey>>(keyManager.addKey(secretKey))
|
||||
assertIs<Err<KeyAlreadyExistsException>>(keyManager.addKey(publicKey))
|
||||
}
|
||||
}
|
||||
|
|
@ -202,7 +201,7 @@ class PGPKeyManagerTest {
|
|||
fun replacePublicKeyWithSecretKey() {
|
||||
scope.runTest {
|
||||
assertIs<Ok<PGPKey>>(keyManager.addKey(publicKey))
|
||||
assertIs<Ok<PGPKey>>(keyManager.addKey(privateKey))
|
||||
assertIs<Ok<PGPKey>>(keyManager.addKey(secretKey))
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -222,8 +221,8 @@ class PGPKeyManagerTest {
|
|||
@Test
|
||||
fun replaceSecretKeyWithSecretKey() {
|
||||
scope.runTest {
|
||||
assertIs<Ok<PGPKey>>(keyManager.addKey(privateKey))
|
||||
assertIs<Err<KeyAlreadyExistsException>>(keyManager.addKey(privateKey))
|
||||
assertIs<Ok<PGPKey>>(keyManager.addKey(secretKey))
|
||||
assertIs<Err<KeyAlreadyExistsException>>(keyManager.addKey(secretKey))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,8 +22,8 @@ import org.junit.runner.RunWith
|
|||
@Suppress("Unused") // Test runner handles it internally
|
||||
enum class EncryptionKey(val keySet: List<PGPKey>) {
|
||||
PUBLIC(listOf(PGPKey(TestUtils.getArmoredPublicKey()))),
|
||||
SECRET(listOf(PGPKey(TestUtils.getArmoredPrivateKey()))),
|
||||
ALL(listOf(PGPKey(TestUtils.getArmoredPublicKey()), PGPKey(TestUtils.getArmoredPrivateKey()))),
|
||||
SECRET(listOf(PGPKey(TestUtils.getArmoredSecretKey()))),
|
||||
ALL(listOf(PGPKey(TestUtils.getArmoredPublicKey()), PGPKey(TestUtils.getArmoredSecretKey()))),
|
||||
}
|
||||
|
||||
@RunWith(TestParameterInjector::class)
|
||||
|
|
@ -31,7 +31,7 @@ class PGPainlessCryptoHandlerTest {
|
|||
|
||||
@TestParameter private lateinit var encryptionKey: EncryptionKey
|
||||
private val cryptoHandler = PGPainlessCryptoHandler()
|
||||
private val privateKey = PGPKey(TestUtils.getArmoredPrivateKey())
|
||||
private val secretKey = PGPKey(TestUtils.getArmoredSecretKey())
|
||||
|
||||
@Test
|
||||
fun encryptAndDecrypt() {
|
||||
|
|
@ -46,7 +46,7 @@ class PGPainlessCryptoHandlerTest {
|
|||
val plaintextStream = ByteArrayOutputStream()
|
||||
val decryptRes =
|
||||
cryptoHandler.decrypt(
|
||||
privateKey,
|
||||
secretKey,
|
||||
CryptoConstants.KEY_PASSPHRASE,
|
||||
ciphertextStream.toByteArray().inputStream(),
|
||||
plaintextStream,
|
||||
|
|
@ -68,7 +68,7 @@ class PGPainlessCryptoHandlerTest {
|
|||
val plaintextStream = ByteArrayOutputStream()
|
||||
val result =
|
||||
cryptoHandler.decrypt(
|
||||
privateKey,
|
||||
secretKey,
|
||||
"very incorrect passphrase",
|
||||
ciphertextStream.toByteArray().inputStream(),
|
||||
plaintextStream,
|
||||
|
|
|
|||
|
|
@ -7,10 +7,10 @@
|
|||
package app.passwordstore.crypto
|
||||
|
||||
object TestUtils {
|
||||
fun getArmoredPrivateKey() = this::class.java.classLoader.getResource("private_key").readBytes()
|
||||
fun getArmoredSecretKey() = this::class.java.classLoader.getResource("secret_key").readBytes()
|
||||
fun getArmoredPublicKey() = this::class.java.classLoader.getResource("public_key").readBytes()
|
||||
fun getArmoredPrivateKeyWithMultipleIdentities() =
|
||||
this::class.java.classLoader.getResource("private_key_multiple_identities").readBytes()
|
||||
fun getArmoredSecretKeyWithMultipleIdentities() =
|
||||
this::class.java.classLoader.getResource("secret_key_multiple_identities").readBytes()
|
||||
fun getArmoredPublicKeyWithMultipleIdentities() =
|
||||
this::class.java.classLoader.getResource("public_key_multiple_identities").readBytes()
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue