Openpgp openpgpkeyconstructor

ligefeiBouncycastle · dghgit · commit 94b98de366c7 · 2026-04-04T03:52:50.000Z
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/api/OpenPGPKey.java b/pg/src/main/java/org/bouncycastle/openpgp/api/OpenPGPKey.java
@@ -2,6 +2,8 @@
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
@@ -61,6 +63,27 @@ public OpenPGPKey(PGPSecretKeyRing keyRing, OpenPGPImplementation implementation
         this(keyRing, implementation, implementation.policy());
     }
 
+    public OpenPGPKey(Collection<OpenPGPSecretKey> secretKeys, OpenPGPImplementation implementation)
+    {
+        this(secretKeys, implementation, implementation.policy());
+    }
+
+    public OpenPGPKey(Collection<OpenPGPSecretKey> secretKeys, OpenPGPImplementation implementation, OpenPGPPolicy policy)
+    {
+        this(fromSecretKeys(secretKeys), implementation, policy);
+    }
+
+    private static PGPSecretKeyRing fromSecretKeys(Collection<OpenPGPSecretKey> secretKeys)
+    {
+        List pgpSecretKeys = new ArrayList();
+        for (Iterator it = secretKeys.iterator(); it.hasNext(); )
+        {
+            OpenPGPSecretKey secretKey = (OpenPGPSecretKey)it.next();
+            pgpSecretKeys.add(secretKey.getPGPSecretKey());
+        }
+        return new PGPSecretKeyRing(pgpSecretKeys);
+    }
+
     /**
      * Create an {@link OpenPGPKey} instance based on a {@link PGPSecretKeyRing},
      * a provided {@link OpenPGPImplementation} and {@link OpenPGPPolicy}.
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/api/OpenPGPKeyEditor.java b/pg/src/main/java/org/bouncycastle/openpgp/api/OpenPGPKeyEditor.java
@@ -49,7 +49,15 @@ public OpenPGPKeyEditor(OpenPGPKey key,
         throws PGPException
     {
         this.key = key;
-        this.primaryKey = key.getPrimarySecretKey().unlock(passphraseProvider);
+        OpenPGPKey.OpenPGPSecretKey primarySecretKey = key.getPrimarySecretKey();
+        if (primarySecretKey.isLocked())
+        {
+            this.primaryKey = primarySecretKey.unlock(passphraseProvider);
+        }
+        else
+        {
+            this.primaryKey = primarySecretKey.unlock();
+        }
         this.implementation = implementation;
         this.policy = policy;
     }
@@ -429,6 +437,37 @@ public OpenPGPKeyEditor changePassphrase(KeyIdentifier componentKeyIdentifier,
         return this;
     }
 
+    /**
+     * Change the passphrase of the given component key.
+     *
+     * @param componentKeyIdentifier identifier of the component key, whose passphrase shall be changed
+     * @param passphraseProvider     provider for the old key passphrase
+     * @param newPassphrase          new passphrase (or null)
+     * @param useAEAD                whether to use AEAD
+     * @return this
+     * @throws OpenPGPKeyException if the secret component of the component key is missing
+     * @throws PGPException        if the key passphrase cannot be changed
+     */
+    public OpenPGPKeyEditor changePassphrase(KeyIdentifier componentKeyIdentifier,
+                                             KeyPassphraseProvider passphraseProvider,
+                                             char[] newPassphrase,
+                                             boolean useAEAD)
+        throws OpenPGPKeyException, PGPException
+    {
+        OpenPGPKey.OpenPGPSecretKey secretKey = key.getSecretKey(componentKeyIdentifier);
+        if (secretKey == null)
+        {
+            throw new OpenPGPKeyException(key, "Secret component key " + componentKeyIdentifier +
+                    " is missing from the key.");
+        }
+
+        return changePassphrase(
+                componentKeyIdentifier,
+                passphraseProvider.getKeyPassword(secretKey),
+                newPassphrase,
+                useAEAD);
+    }
+
     /**
      * Return the modified {@link OpenPGPKey}.
      *
diff --git a/pg/src/test/java/org/bouncycastle/openpgp/api/test/OpenPGPKeyEditorTest.java b/pg/src/test/java/org/bouncycastle/openpgp/api/test/OpenPGPKeyEditorTest.java
@@ -248,7 +248,7 @@ private void changePassphraseUnprotectedToCFBTest(OpenPGPApi api)
         isFalse(key.getPrimarySecretKey().isLocked());
 
         key = api.editKey(key)
-            .changePassphrase(key.getPrimaryKey().getKeyIdentifier(), null, "sw0rdf1sh".toCharArray(), false)
+            .changePassphrase(key.getPrimaryKey().getKeyIdentifier(), (char[]) null, "sw0rdf1sh".toCharArray(), false)
             .done();
         isTrue("Expect key to be locked", key.getPrimarySecretKey().isLocked());
         isTrue("Expect sw0rdf1sh to be the correct passphrase",
@@ -264,7 +264,7 @@ private void changePassphraseUnprotectedToAEADTest(OpenPGPApi api)
         isFalse("Expect key to be unprotected", key.getPrimarySecretKey().isLocked());
 
         key = api.editKey(key)
-            .changePassphrase(key.getPrimaryKey().getKeyIdentifier(), null, "sw0rdf1sh".toCharArray(), true)
+            .changePassphrase(key.getPrimaryKey().getKeyIdentifier(), (char[]) null, "sw0rdf1sh".toCharArray(), true)
             .done();
         isTrue("Expect key to be locked after changing passphrase",
             key.getPrimarySecretKey().isLocked());
