git-bug/entities/identity/key.go

package identity

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"strings"
	"time"

	"github.com/ProtonMail/go-crypto/openpgp"
	"github.com/ProtonMail/go-crypto/openpgp/armor"
	"github.com/ProtonMail/go-crypto/openpgp/packet"
	"github.com/pkg/errors"

	"github.com/MichaelMure/git-bug/repository"
)

var errNoPrivateKey = fmt.Errorf("no private key")

type Key struct {
	public  *packet.PublicKey
	private *packet.PrivateKey
}

// GenerateKey generate a keypair (public+private)
// The type and configuration of the key is determined by the default value in go's OpenPGP.
func GenerateKey() *Key {
	entity, err := openpgp.NewEntity("", "", "", &packet.Config{
		// The armored format doesn't include the creation time, which makes the round-trip data not being fully equal.
		// We don't care about the creation time so we can set it to the zero value.
		Time: func() time.Time {
			return time.Time{}
		},
	})
	if err != nil {
		panic(err)
	}
	return &Key{
		public:  entity.PrimaryKey,
		private: entity.PrivateKey,
	}
}

// generatePublicKey generate only a public key (only useful for testing)
// See GenerateKey for the details.
func generatePublicKey() *Key {
	k := GenerateKey()
	k.private = nil
	return k
}

func (k *Key) Public() *packet.PublicKey {
	return k.public
}

func (k *Key) Private() *packet.PrivateKey {
	return k.private
}

func (k *Key) Validate() error {
	if k.public == nil {
		return fmt.Errorf("nil public key")
	}
	if !k.public.CanSign() {
		return fmt.Errorf("public key can't sign")
	}

	if k.private != nil {
		if !k.private.CanSign() {
			return fmt.Errorf("private key can't sign")
		}
	}

	return nil
}

func (k *Key) Clone() *Key {
	clone := &Key{}

	pub := *k.public
	clone.public = &pub

	if k.private != nil {
		priv := *k.private
		clone.private = &priv
	}

	return clone
}

func (k *Key) MarshalJSON() ([]byte, error) {
	// Serialize only the public key, in the armored format.
	var buf bytes.Buffer
	w, err := armor.Encode(&buf, openpgp.PublicKeyType, nil)
	if err != nil {
		return nil, err
	}

	err = k.public.Serialize(w)
	if err != nil {
		return nil, err
	}
	err = w.Close()
	if err != nil {
		return nil, err
	}
	return json.Marshal(buf.String())
}

func (k *Key) UnmarshalJSON(data []byte) error {
	// De-serialize only the public key, in the armored format.
	var armored string
	err := json.Unmarshal(data, &armored)
	if err != nil {
		return err
	}

	block, err := armor.Decode(strings.NewReader(armored))
	if err == io.EOF {
		return fmt.Errorf("no armored data found")
	}
	if err != nil {
		return err
	}

	if block.Type != openpgp.PublicKeyType {
		return fmt.Errorf("invalid key type")
	}

	p, err := packet.Read(block.Body)
	if err != nil {
		return errors.Wrap(err, "failed to read public key packet")
	}

	public, ok := p.(*packet.PublicKey)
	if !ok {
		return errors.New("got no packet.publicKey")
	}

	// The armored format doesn't include the creation time, which makes the round-trip data not being fully equal.
	// We don't care about the creation time so we can set it to the zero value.
	public.CreationTime = time.Time{}

	k.public = public
	return nil
}

func (k *Key) loadPrivate(repo repository.RepoKeyring) error {
	item, err := repo.Keyring().Get(k.public.KeyIdString())
	if err == repository.ErrKeyringKeyNotFound {
		return errNoPrivateKey
	}
	if err != nil {
		return err
	}

	block, err := armor.Decode(bytes.NewReader(item.Data))
	if err == io.EOF {
		return fmt.Errorf("no armored data found")
	}
	if err != nil {
		return err
	}

	if block.Type != openpgp.PrivateKeyType {
		return fmt.Errorf("invalid key type")
	}

	p, err := packet.Read(block.Body)
	if err != nil {
		return errors.Wrap(err, "failed to read private key packet")
	}

	private, ok := p.(*packet.PrivateKey)
	if !ok {
		return errors.New("got no packet.privateKey")
	}

	// The armored format doesn't include the creation time, which makes the round-trip data not being fully equal.
	// We don't care about the creation time so we can set it to the zero value.
	private.CreationTime = time.Time{}

	k.private = private
	return nil
}

// ensurePrivateKey attempt to load the corresponding private key if it is not loaded already.
// If no private key is found, returns errNoPrivateKey
func (k *Key) ensurePrivateKey(repo repository.RepoKeyring) error {
	if k.private != nil {
		return nil
	}

	return k.loadPrivate(repo)
}

func (k *Key) storePrivate(repo repository.RepoKeyring) error {
	var buf bytes.Buffer
	w, err := armor.Encode(&buf, openpgp.PrivateKeyType, nil)
	if err != nil {
		return err
	}
	err = k.private.Serialize(w)
	if err != nil {
		return err
	}
	err = w.Close()
	if err != nil {
		return err
	}

	return repo.Keyring().Set(repository.Item{
		Key:  k.public.KeyIdString(),
		Data: buf.Bytes(),
	})
}

func (k *Key) PGPEntity() *openpgp.Entity {
	uid := packet.NewUserId("", "", "")
	return &openpgp.Entity{
		PrimaryKey: k.public,
		PrivateKey: k.private,
		Identities: map[string]*openpgp.Identity{
			uid.Id: {
				Name:   uid.Id,
				UserId: uid,
				SelfSignature: &packet.Signature{
					IsPrimaryId: func() *bool { b := true; return &b }(),
				},
			},
		},
	}
}
WIP identity in git 2018-11-21 20:56:12 +03:00			`package identity`

WIP 2021-01-04 01:59:25 +03:00			`import (`
			`"bytes"`
			`"encoding/json"`
			`"fmt"`
			`"io"`
			`"strings"`
			`"time"`

update keyring and migrate to github.com/ProtonMail/go-crypto 2022-02-15 23:35:49 +03:00			`"github.com/ProtonMail/go-crypto/openpgp"`
			`"github.com/ProtonMail/go-crypto/openpgp/armor"`
			`"github.com/ProtonMail/go-crypto/openpgp/packet"`
WIP 2021-01-04 01:59:25 +03:00			`"github.com/pkg/errors"`

			`"github.com/MichaelMure/git-bug/repository"`
			`)`

entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`var errNoPrivateKey = fmt.Errorf("no private key")`

WIP identity in git 2018-11-21 20:56:12 +03:00			`type Key struct {`
WIP 2021-01-04 01:59:25 +03:00			`public *packet.PublicKey`
			`private *packet.PrivateKey`
			`}`

			`// GenerateKey generate a keypair (public+private)`
entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`// The type and configuration of the key is determined by the default value in go's OpenPGP.`
WIP 2021-01-04 01:59:25 +03:00			`func GenerateKey() *Key {`
			`entity, err := openpgp.NewEntity("", "", "", &packet.Config{`
			`// The armored format doesn't include the creation time, which makes the round-trip data not being fully equal.`
			`// We don't care about the creation time so we can set it to the zero value.`
			`Time: func() time.Time {`
			`return time.Time{}`
			`},`
			`})`
			`if err != nil {`
			`panic(err)`
			`}`
			`return &Key{`
			`public: entity.PrimaryKey,`
			`private: entity.PrivateKey,`
			`}`
			`}`

			`// generatePublicKey generate only a public key (only useful for testing)`
			`// See GenerateKey for the details.`
			`func generatePublicKey() *Key {`
			`k := GenerateKey()`
			`k.private = nil`
			`return k`
			`}`

entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`func (k Key) Public() packet.PublicKey {`
			`return k.public`
			`}`

			`func (k Key) Private() packet.PrivateKey {`
			`return k.private`
			`}`

			`func (k *Key) Validate() error {`
			`if k.public == nil {`
			`return fmt.Errorf("nil public key")`
			`}`
			`if !k.public.CanSign() {`
			`return fmt.Errorf("public key can't sign")`
			`}`

			`if k.private != nil {`
			`if !k.private.CanSign() {`
			`return fmt.Errorf("private key can't sign")`
			`}`
			`}`

			`return nil`
			`}`

			`func (k Key) Clone() Key {`
			`clone := &Key{}`

			`pub := *k.public`
			`clone.public = &pub`

			`if k.private != nil {`
			`priv := *k.private`
			`clone.private = &priv`
			`}`

			`return clone`
			`}`

WIP 2021-01-04 01:59:25 +03:00			`func (k *Key) MarshalJSON() ([]byte, error) {`
entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`// Serialize only the public key, in the armored format.`
WIP 2021-01-04 01:59:25 +03:00			`var buf bytes.Buffer`
			`w, err := armor.Encode(&buf, openpgp.PublicKeyType, nil)`
			`if err != nil {`
			`return nil, err`
			`}`
entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00
WIP 2021-01-04 01:59:25 +03:00			`err = k.public.Serialize(w)`
			`if err != nil {`
			`return nil, err`
			`}`
			`err = w.Close()`
			`if err != nil {`
			`return nil, err`
			`}`
			`return json.Marshal(buf.String())`
			`}`

			`func (k *Key) UnmarshalJSON(data []byte) error {`
entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`// De-serialize only the public key, in the armored format.`
WIP 2021-01-04 01:59:25 +03:00			`var armored string`
			`err := json.Unmarshal(data, &armored)`
			`if err != nil {`
			`return err`
			`}`

			`block, err := armor.Decode(strings.NewReader(armored))`
			`if err == io.EOF {`
			`return fmt.Errorf("no armored data found")`
			`}`
			`if err != nil {`
			`return err`
			`}`

			`if block.Type != openpgp.PublicKeyType {`
			`return fmt.Errorf("invalid key type")`
			`}`

entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`p, err := packet.Read(block.Body)`
WIP 2021-01-04 01:59:25 +03:00			`if err != nil {`
			`return errors.Wrap(err, "failed to read public key packet")`
			`}`

			`public, ok := p.(*packet.PublicKey)`
			`if !ok {`
			`return errors.New("got no packet.publicKey")`
			`}`

			`// The armored format doesn't include the creation time, which makes the round-trip data not being fully equal.`
			`// We don't care about the creation time so we can set it to the zero value.`
			`public.CreationTime = time.Time{}`

			`k.public = public`
			`return nil`
WIP identity in git 2018-11-21 20:56:12 +03:00			`}`
identity: more cleaning and fixes after a code review 2019-01-20 17:41:27 +03:00
entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`func (k *Key) loadPrivate(repo repository.RepoKeyring) error {`
			`item, err := repo.Keyring().Get(k.public.KeyIdString())`
			`if err == repository.ErrKeyringKeyNotFound {`
			`return errNoPrivateKey`
WIP 2021-01-04 01:59:25 +03:00			`}`
entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`if err != nil {`
			`return err`
WIP 2021-01-04 01:59:25 +03:00			`}`

entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`block, err := armor.Decode(bytes.NewReader(item.Data))`
			`if err == io.EOF {`
			`return fmt.Errorf("no armored data found")`
			`}`
			`if err != nil {`
			`return err`
WIP 2021-01-04 01:59:25 +03:00			`}`
identity: more cleaning and fixes after a code review 2019-01-20 17:41:27 +03:00
entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`if block.Type != openpgp.PrivateKeyType {`
			`return fmt.Errorf("invalid key type")`
			`}`
WIP 2021-01-04 01:59:25 +03:00
entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`p, err := packet.Read(block.Body)`
			`if err != nil {`
			`return errors.Wrap(err, "failed to read private key packet")`
			`}`
WIP 2021-01-04 01:59:25 +03:00
entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`private, ok := p.(*packet.PrivateKey)`
			`if !ok {`
			`return errors.New("got no packet.privateKey")`
WIP 2021-01-04 01:59:25 +03:00			`}`

entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`// The armored format doesn't include the creation time, which makes the round-trip data not being fully equal.`
			`// We don't care about the creation time so we can set it to the zero value.`
			`private.CreationTime = time.Time{}`

			`k.private = private`
			`return nil`
WIP 2021-01-04 01:59:25 +03:00			`}`

entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`// ensurePrivateKey attempt to load the corresponding private key if it is not loaded already.`
			`// If no private key is found, returns errNoPrivateKey`
			`func (k *Key) ensurePrivateKey(repo repository.RepoKeyring) error {`
WIP 2021-01-04 01:59:25 +03:00			`if k.private != nil {`
			`return nil`
			`}`

entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`return k.loadPrivate(repo)`
WIP 2021-01-04 01:59:25 +03:00			`}`

entity: more progress on merging and signing 2021-01-24 21:45:21 +03:00			`func (k *Key) storePrivate(repo repository.RepoKeyring) error {`
			`var buf bytes.Buffer`
			`w, err := armor.Encode(&buf, openpgp.PrivateKeyType, nil)`
			`if err != nil {`
			`return err`
			`}`
			`err = k.private.Serialize(w)`
			`if err != nil {`
			`return err`
			`}`
			`err = w.Close()`
			`if err != nil {`
			`return err`
			`}`

			`return repo.Keyring().Set(repository.Item{`
			`Key: k.public.KeyIdString(),`
			`Data: buf.Bytes(),`
			`})`
WIP 2021-01-04 01:59:25 +03:00			`}`

			`func (k Key) PGPEntity() openpgp.Entity {`
update keyring and migrate to github.com/ProtonMail/go-crypto 2022-02-15 23:35:49 +03:00			`uid := packet.NewUserId("", "", "")`
WIP 2021-01-04 01:59:25 +03:00			`return &openpgp.Entity{`
			`PrimaryKey: k.public,`
			`PrivateKey: k.private,`
update keyring and migrate to github.com/ProtonMail/go-crypto 2022-02-15 23:35:49 +03:00			`Identities: map[string]*openpgp.Identity{`
			`uid.Id: {`
			`Name: uid.Id,`
			`UserId: uid,`
			`SelfSignature: &packet.Signature{`
			`IsPrimaryId: func() *bool { b := true; return &b }(),`
			`},`
			`},`
			`},`
WIP 2021-01-04 01:59:25 +03:00			`}`
			`}`