// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0

package org.pgpainless.key.protection;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.protection.passphrase_provider.SecretKeyPassphraseProvider;
import org.pgpainless.util.Passphrase;

import javax.annotation.Nullable;

/**
 * {@link SecretKeyRingProtector} that looks up passphrases through a
 * {@link SecretKeyPassphraseProvider} and turns them into passphrase-based
 * secret key decryptors and encryptors via {@link ImplementationFactory}.
 *
 * <p>Both {@link #getDecryptor(Long)} and {@link #getEncryptor(Long)} return {@code null}
 * when the provider yields no passphrase or an empty one. For the encryptor this means no
 * passphrase-based encryptor is produced for that key.
 * NOTE(review): presumably callers then treat the key as unprotected. Confirm against the
 * {@link SecretKeyRingProtector} contract and its call sites.
 */
public class BaseSecretKeyRingProtector implements SecretKeyRingProtector {

    private final SecretKeyPassphraseProvider passphraseProvider;
    private final KeyRingProtectionSettings protectionSettings;

    /**
     * Creates a protector that uses {@link KeyRingProtectionSettings#secureDefaultSettings()}.
     *
     * @param passphraseProvider source of per-key passphrases
     */
    public BaseSecretKeyRingProtector(SecretKeyPassphraseProvider passphraseProvider) {
        this(passphraseProvider, KeyRingProtectionSettings.secureDefaultSettings());
    }

    /**
     * Creates a protector with explicit protection settings.
     *
     * <p>Neither argument is null-checked here. A {@code null} value only surfaces when it is
     * first dereferenced by one of the lookup methods.
     *
     * @param passphraseProvider source of per-key passphrases
     * @param protectionSettings encryption algorithm, hash algorithm and S2K count handed to
     *                           the encryptor built by {@link #getEncryptor(Long)}
     */
    public BaseSecretKeyRingProtector(SecretKeyPassphraseProvider passphraseProvider, KeyRingProtectionSettings protectionSettings) {
        this.passphraseProvider = passphraseProvider;
        this.protectionSettings = protectionSettings;
    }

    /**
     * Reports whether the underlying provider has a passphrase for the given key.
     *
     * @param keyId id of the key
     * @return the provider's answer for {@code keyId}
     */
    @Override
    public boolean hasPassphraseFor(Long keyId) {
        return passphraseProvider.hasPassphrase(keyId);
    }

    /**
     * Builds a decryptor for the given key from the passphrase supplied by the provider.
     *
     * @param keyId id of the key
     * @return a decryptor, or {@code null} if the provider returned no passphrase or an empty one
     * @throws PGPException declared by the interface and propagated from the factory call
     */
    @Override
    @Nullable
    public PBESecretKeyDecryptor getDecryptor(Long keyId) throws PGPException {
        Passphrase keyPassphrase = passphraseProvider.getPassphraseFor(keyId);
        if (keyPassphrase == null || keyPassphrase.isEmpty()) {
            // No usable passphrase: signal "no decryptor" rather than building one.
            return null;
        }
        return ImplementationFactory.getInstance().getPBESecretKeyDecryptor(keyPassphrase);
    }

    /**
     * Builds an encryptor for the given key from the provider's passphrase and the
     * configured protection settings.
     *
     * @param keyId id of the key
     * @return an encryptor, or {@code null} if the provider returned no passphrase or an empty one
     * @throws PGPException declared by the interface and propagated from the factory call
     */
    @Override
    @Nullable
    public PBESecretKeyEncryptor getEncryptor(Long keyId) throws PGPException {
        Passphrase keyPassphrase = passphraseProvider.getPassphraseFor(keyId);
        if (keyPassphrase == null || keyPassphrase.isEmpty()) {
            // No usable passphrase: no encryptor is produced for this key.
            return null;
        }
        // Resolve the factory first, then read the settings, as the original expression did.
        ImplementationFactory factory = ImplementationFactory.getInstance();
        return factory.getPBESecretKeyEncryptor(
                protectionSettings.getEncryptionAlgorithm(),
                protectionSettings.getHashAlgorithm(),
                protectionSettings.getS2kCount(),
                keyPassphrase);
    }
}