func (fe *FileEntityFetcher) FetchEntity(keyId string) (*openpgp.Entity, error) {
f, err := wkfs.Open(fe.File)
if err != nil {
return nil, fmt.Errorf("jsonsign: FetchEntity: %v", err)
}
defer f.Close()
el, err := openpgp.ReadKeyRing(f)
if err != nil {
return nil, fmt.Errorf("jsonsign: openpgp.ReadKeyRing of %q: %v", fe.File, err)
}
for _, e := range el {
pubk := &e.PrivateKey.PublicKey
if pubk.KeyIdString() != keyId {
continue
}
if e.PrivateKey.Encrypted {
if err := fe.decryptEntity(e); err == nil {
return e, nil
} else {
return nil, err
}
}
return e, nil
}
return nil, fmt.Errorf("jsonsign: entity for keyid %q not found in %q", keyId, fe.File)
}
// KeyIdFromRing returns the public keyId contained in the secret
// ring file secRing. It expects only one keyId in this secret ring
// and returns an error otherwise.
func KeyIdFromRing(secRing string) (keyId string, err error) {
f, err := os.Open(secRing)
if err != nil {
return "", fmt.Errorf("Could not open secret ring file %v: %v", secRing, err)
}
defer f.Close()
el, err := openpgp.ReadKeyRing(f)
if err != nil {
return "", fmt.Errorf("Could not read secret ring file %s: %v", secRing, err)
}
if len(el) != 1 {
return "", fmt.Errorf("Secret ring file %v contained %d identities; expected 1", secRing, len(el))
}
ent := el[0]
return ent.PrimaryKey.KeyIdShortString(), nil
}
func keyIdFromRing(filename string) (keyId string, err error) {
f, err := os.Open(filename)
if err != nil {
return "", fmt.Errorf("reading identity secret ring file: %v", err)
}
defer f.Close()
el, err := openpgp.ReadKeyRing(f)
if err != nil {
return "", fmt.Errorf("reading identity secret ring file %s: %v", filename, err)
}
if len(el) != 1 {
return "", fmt.Errorf("identity secret ring file contained %d identities; expected 1", len(el))
}
ent := el[0]
return ent.PrimaryKey.KeyIdShortString(), nil
}
// EntityFromSecring returns the openpgp Entity from keyFile that matches keyId.
// If empty, keyFile defaults to osutil.SecretRingFile().
func EntityFromSecring(keyId, keyFile string) (*openpgp.Entity, error) {
if keyId == "" {
return nil, errors.New("empty keyId passed to EntityFromSecring")
}
keyId = strings.ToUpper(keyId)
if keyFile == "" {
keyFile = osutil.SecretRingFile()
}
secring, err := wkfs.Open(keyFile)
if err != nil {
return nil, fmt.Errorf("jsonsign: failed to open keyring: %v", err)
}
defer secring.Close()
el, err := openpgp.ReadKeyRing(secring)
if err != nil {
return nil, fmt.Errorf("openpgp.ReadKeyRing of %q: %v", keyFile, err)
}
var entity *openpgp.Entity
for _, e := range el {
pk := e.PrivateKey
if pk == nil || (pk.KeyIdString() != keyId && pk.KeyIdShortString() != keyId) {
continue
}
entity = e
}
if entity == nil {
found := []string{}
for _, e := range el {
pk := e.PrivateKey
if pk == nil {
continue
}
found = append(found, pk.KeyIdShortString())
}
return nil, fmt.Errorf("didn't find a key in %q for keyId %q; other keyIds in file = %v", keyFile, keyId, found)
}
return entity, nil
}
func TestWriteKeyRing(t *testing.T) {
ent, err := EntityFromSecring("26F5ABDA", "testdata/test-secring.gpg")
if err != nil {
t.Fatalf("NewEntity: %v", err)
}
var buf bytes.Buffer
err = WriteKeyRing(&buf, openpgp.EntityList([]*openpgp.Entity{ent}))
if err != nil {
t.Fatalf("WriteKeyRing: %v", err)
}
el, err := openpgp.ReadKeyRing(&buf)
if err != nil {
t.Fatalf("ReadKeyRing: %v", err)
}
if len(el) != 1 {
t.Fatalf("ReadKeyRing read %d entities; want 1", len(el))
}
orig := entityString(ent)
got := entityString(el[0])
if orig != got {
t.Fatalf("original vs. wrote-then-read entities differ:\norig: %s\n got: %s", orig, got)
}
}