resolve review findings

2026-05-06 08:15:37 +02:00 · 2020-08-11 13:28:16 +02:00
parent 742c58a282
commit 0601770262
34 changed files with 1108 additions and 248 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/DefaultChangesetToChangesetDtoMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/DefaultChangesetToChangesetDtoMapper.java
@@ -40,10 +40,13 @@ import sonia.scm.repository.api.Command;
 import sonia.scm.repository.api.RepositoryService;
 import sonia.scm.repository.api.RepositoryServiceFactory;
 import sonia.scm.security.gpg.PublicKeyResource;
+import sonia.scm.security.gpg.PublicKeyStore;
+import sonia.scm.security.gpg.RawGpgKey;
 import sonia.scm.web.EdisonHalAppender;

 import javax.inject.Inject;
 import java.util.List;
+import java.util.Optional;
 import java.util.function.Function;
 import java.util.stream.Collectors;

@@ -72,6 +75,9 @@ public abstract class DefaultChangesetToChangesetDtoMapper extends HalAppenderMa
  @Inject
  private ScmPathInfoStore scmPathInfoStore;

+  @Inject
+  private PublicKeyStore publicKeyStore;
+
  abstract ContributorDto map(Contributor contributor);

  abstract SignatureDto map(Signature signature);
@@ -80,7 +86,8 @@ public abstract class DefaultChangesetToChangesetDtoMapper extends HalAppenderMa

  @ObjectFactory
  SignatureDto createDto(Signature signature) {
-    if (signature.getType().equals("gpg")) {
+    final Optional<RawGpgKey> key = publicKeyStore.findById(signature.getKeyId());
+    if (signature.getType().equals("gpg") && key.isPresent()) {
      final Links.Builder linkBuilder =
        linkingTo()
          .single(link("rawKey", new LinkBuilder(scmPathInfoStore.get(), PublicKeyResource.class)
--- a/scm-webapp/src/main/java/sonia/scm/security/gpg/DefaultGPG.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/DefaultGPG.java
@@ -24,48 +24,25 @@

 package sonia.scm.security.gpg;

-import org.apache.commons.io.IOUtils;
 import org.apache.shiro.SecurityUtils;
 import org.bouncycastle.bcpg.ArmoredInputStream;
-import org.bouncycastle.bcpg.ArmoredOutputStream;
-import org.bouncycastle.bcpg.BCPGOutputStream;
-import org.bouncycastle.bcpg.HashAlgorithmTags;
-import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
-import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openpgp.PGPException;
-import org.bouncycastle.openpgp.PGPKeyPair;
-import org.bouncycastle.openpgp.PGPKeyRing;
 import org.bouncycastle.openpgp.PGPKeyRingGenerator;
 import org.bouncycastle.openpgp.PGPObjectFactory;
-import org.bouncycastle.openpgp.PGPPrivateKey;
-import org.bouncycastle.openpgp.PGPSignature;
-import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.bouncycastle.openpgp.PGPSignatureList;
 import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
-import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
-import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
-import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
-import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import sonia.scm.repository.Person;
 import sonia.scm.security.GPG;
 import sonia.scm.security.PrivateKey;
 import sonia.scm.security.PublicKey;
-import sonia.scm.user.User;

 import javax.inject.Inject;
 import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.InputStream;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.util.Collections;
-import java.util.Date;
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;
@@ -100,7 +77,7 @@ public class DefaultGPG implements GPG {
  public Optional<PublicKey> findPublicKey(String id) {
    Optional<RawGpgKey> key = publicKeyStore.findById(id);

-    return key.map(rawGpgKey -> new GpgKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts()));
+    return key.map(rawGpgKey -> new DefaultPublicKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts()));
  }

  @Override
@@ -110,7 +87,7 @@ public class DefaultGPG implements GPG {
    if (!keys.isEmpty()) {
      return keys
        .stream()
-        .map(rawGpgKey -> new GpgKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts()))
+        .map(rawGpgKey -> new DefaultPublicKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts()))
        .collect(Collectors.toSet());
    }

@@ -124,98 +101,21 @@ public class DefaultGPG implements GPG {

    if (!privateRawKey.isPresent()) {
      try {
-        final PGPKeyRingGenerator keyPair = generateKeyPair();
+        final PGPKeyRingGenerator keyPair = GPGKeyPairGenerator.generateKeyPair();

-        final String rawPublicKey = exportKeyRing(keyPair.generatePublicKeyRing());
-        final String rawPrivateKey = exportKeyRing(keyPair.generateSecretKeyRing());
+        final String rawPublicKey = GPGKeyExporter.exportKeyRing(keyPair.generatePublicKeyRing());
+        final String rawPrivateKey = GPGKeyExporter.exportKeyRing(keyPair.generateSecretKeyRing());

        privateKeyStore.setForUserId(userId, rawPrivateKey);
        publicKeyStore.add("Default SCM-Manager Signing Key", userId, rawPublicKey, true);

        return new DefaultPrivateKey(rawPrivateKey);
      } catch (PGPException | NoSuchAlgorithmException | NoSuchProviderException | IOException e) {
-        throw new IllegalStateException("Private key could not be generated", e);
+        throw new GPGException("Private key could not be generated", e);
      }
    } else {
      return new DefaultPrivateKey(privateRawKey.get());
    }
  }

-  String exportKeyRing(PGPKeyRing keyRing) throws IOException {
-    final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
-    final ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
-    keyRing.encode(armoredOutputStream);
-    armoredOutputStream.close();
-    return new String(byteArrayOutputStream.toByteArray());
-  }
-
-  PGPKeyRingGenerator generateKeyPair() throws PGPException, NoSuchProviderException, NoSuchAlgorithmException {
-    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
-    keyPairGenerator.initialize(2048);
-
-    KeyPair pair = keyPairGenerator.generateKeyPair();
-
-    PGPKeyPair keyPair = new JcaPGPKeyPair(PublicKeyAlgorithmTags.RSA_GENERAL, pair, new Date());
-    final User user = SecurityUtils.getSubject().getPrincipals().oneByType(User.class);
-    final Person person = new Person(user.getDisplayName(), user.getMail());
-
-    return new PGPKeyRingGenerator(
-      PGPSignature.POSITIVE_CERTIFICATION,
-      keyPair,
-      person.toString(),
-      new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1),
-      null,
-      null,
-      new JcaPGPContentSignerBuilder(PublicKeyAlgorithmTags.RSA_GENERAL, HashAlgorithmTags.SHA1),
-      new JcePBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256).build(new char[]{})
-    );
-  }
-
-  static class DefaultPrivateKey implements PrivateKey {
-
-    final Optional<PGPPrivateKey> privateKey;
-
-    DefaultPrivateKey(String rawPrivateKey) {
-      privateKey = PgpPrivateKeyExtractor.getFromRawKey(rawPrivateKey);
-    }
-
-    @Override
-    public String getId() {
-      if (privateKey.isPresent()) {
-        return Keys.createId(privateKey.get());
-      } else {
-        return null;
-      }
-    }
-
-    @Override
-    public byte[] sign(InputStream stream) {
-
-      PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
-        new JcaPGPContentSignerBuilder(
-          PublicKeyAlgorithmTags.RSA_GENERAL,
-          HashAlgorithmTags.SHA1).setProvider(BouncyCastleProvider.PROVIDER_NAME)
-      );
-
-      if (privateKey.isPresent()) {
-        try {
-          signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey.get());
-        } catch (PGPException e) {
-          throw new IllegalStateException("Could not initialize signature generator", e);
-        }
-      } else {
-        throw new IllegalStateException("Missing private key");
-      }
-
-      ByteArrayOutputStream buffer = new ByteArrayOutputStream();
-      try (BCPGOutputStream out = new BCPGOutputStream(new ArmoredOutputStream(buffer))) {
-        signatureGenerator.update(IOUtils.toByteArray(stream));
-        signatureGenerator.generate().encode(out);
-      } catch (PGPException | IOException e) {
-        throw new IllegalStateException("Could not create signature", e);
-      }
-
-      return buffer.toByteArray();
-    }
-  }
 }
--- a/scm-webapp/src/main/java/sonia/scm/security/gpg/DefaultPrivateKey.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/DefaultPrivateKey.java
@@ -0,0 +1,87 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security.gpg;
+
+import org.apache.commons.io.IOUtils;
+import org.bouncycastle.bcpg.ArmoredOutputStream;
+import org.bouncycastle.bcpg.BCPGOutputStream;
+import org.bouncycastle.bcpg.HashAlgorithmTags;
+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPSignature;
+import org.bouncycastle.openpgp.PGPSignatureGenerator;
+import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
+import sonia.scm.security.PrivateKey;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Optional;
+
+class DefaultPrivateKey implements PrivateKey {
+
+  final Optional<PGPPrivateKey> privateKey;
+
+  DefaultPrivateKey(String rawPrivateKey) {
+    privateKey = KeysExtractor.extractPrivateKey(rawPrivateKey);
+  }
+
+  @Override
+  public String getId() {
+    return privateKey.map(Keys::createId).orElse(null);
+  }
+
+  @Override
+  public byte[] sign(InputStream stream) {
+
+    PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
+      new JcaPGPContentSignerBuilder(
+        PublicKeyAlgorithmTags.RSA_GENERAL,
+        HashAlgorithmTags.SHA1).setProvider(BouncyCastleProvider.PROVIDER_NAME)
+    );
+
+    if (privateKey.isPresent()) {
+      try {
+        signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey.get());
+      } catch (PGPException e) {
+        throw new GPGException("Could not initialize signature generator", e);
+      }
+    } else {
+      throw new GPGException("Missing private key");
+    }
+
+    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
+    try (BCPGOutputStream out = new BCPGOutputStream(new ArmoredOutputStream(buffer))) {
+      signatureGenerator.update(IOUtils.toByteArray(stream));
+      signatureGenerator.generate().encode(out);
+    } catch (PGPException | IOException e) {
+      throw new GPGException("Could not create signature", e);
+    }
+
+    return buffer.toByteArray();
+  }
+}
--- a/scm-webapp/src/main/java/sonia/scm/security/gpg/DefaultPublicKey.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/DefaultPublicKey.java
@@ -46,16 +46,16 @@ import java.nio.charset.StandardCharsets;
 import java.util.Optional;
 import java.util.Set;

-public class GpgKey implements PublicKey {
+public class DefaultPublicKey implements PublicKey {

-  private static final Logger LOG = LoggerFactory.getLogger(GpgKey.class);
+  private static final Logger LOG = LoggerFactory.getLogger(DefaultPublicKey.class);

  private final String id;
  private final String owner;
  private final String raw;
  private final Set<Person> contacts;

-  public GpgKey(String id, String owner, String raw, Set<Person> contacts) {
+  public DefaultPublicKey(String id, String owner, String raw, Set<Person> contacts) {
    this.id = id;
    this.owner = owner;
    this.raw = raw;
--- a/scm-webapp/src/main/java/sonia/scm/security/gpg/DeletingReadonlyKeyNotAllowedException.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/DeletingReadonlyKeyNotAllowedException.java
@@ -0,0 +1,42 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security.gpg;
+
+import sonia.scm.BadRequestException;
+import sonia.scm.ContextEntry;
+
+public final class DeletingReadonlyKeyNotAllowedException extends BadRequestException {
+
+  public DeletingReadonlyKeyNotAllowedException(String keyId) {
+    super(ContextEntry.ContextBuilder.entity(RawGpgKey.class, keyId).build(), "deleting readonly gpg keys is not allowed");
+  }
+
+  private static final String CODE = "3US6mweXy1";
+
+  @Override
+  public String getCode() {
+    return CODE;
+  }
+}
--- a/scm-webapp/src/main/java/sonia/scm/security/gpg/PgpPublicKeyExtractor.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/PgpPublicKeyExtractor.java
@@ -24,34 +24,20 @@

 package sonia.scm.security.gpg;

-import org.bouncycastle.bcpg.ArmoredInputStream;
-import org.bouncycastle.openpgp.PGPObjectFactory;
-import org.bouncycastle.openpgp.PGPPublicKey;
-import org.bouncycastle.openpgp.PGPPublicKeyRing;
-import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.bouncycastle.bcpg.ArmoredOutputStream;
+import org.bouncycastle.openpgp.PGPKeyRing;

-import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.util.Optional;

-public class PgpPublicKeyExtractor {
+class GPGKeyExporter {
+  private GPGKeyExporter() { }

-  private PgpPublicKeyExtractor() {}
-
-  private static final Logger LOG = LoggerFactory.getLogger(PgpPublicKeyExtractor.class);
-
-  static Optional<PGPPublicKey> getFromRawKey(String rawKey) {
-    try {
-      ArmoredInputStream armoredInputStream = new ArmoredInputStream(new ByteArrayInputStream(rawKey.getBytes()));
-      PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(armoredInputStream, new JcaKeyFingerprintCalculator());
-      PGPPublicKey publicKey = ((PGPPublicKeyRing) pgpObjectFactory.nextObject()).getPublicKey();
-      return Optional.of(publicKey);
-
-    } catch (IOException e) {
-      LOG.error("Invalid PGP key", e);
-    }
-    return Optional.empty();
+  static String exportKeyRing(PGPKeyRing keyRing) throws IOException {
+    final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+    final ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
+    keyRing.encode(armoredOutputStream);
+    armoredOutputStream.close();
+    return new String(byteArrayOutputStream.toByteArray());
  }
 }
--- a/scm-webapp/src/main/java/sonia/scm/security/gpg/GPGKeyPairGenerator.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/GPGKeyPairGenerator.java
@@ -0,0 +1,70 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security.gpg;
+
+import org.apache.shiro.SecurityUtils;
+import org.bouncycastle.bcpg.HashAlgorithmTags;
+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
+import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPKeyPair;
+import org.bouncycastle.openpgp.PGPKeyRingGenerator;
+import org.bouncycastle.openpgp.PGPSignature;
+import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
+import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
+import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
+import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
+import sonia.scm.repository.Person;
+import sonia.scm.user.User;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.Date;
+
+class GPGKeyPairGenerator {
+  static PGPKeyRingGenerator generateKeyPair() throws PGPException, NoSuchProviderException, NoSuchAlgorithmException {
+    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
+    keyPairGenerator.initialize(2048);
+
+    KeyPair pair = keyPairGenerator.generateKeyPair();
+
+    PGPKeyPair keyPair = new JcaPGPKeyPair(PublicKeyAlgorithmTags.RSA_GENERAL, pair, new Date());
+    final User user = SecurityUtils.getSubject().getPrincipals().oneByType(User.class);
+    final Person person = new Person(user.getDisplayName(), user.getMail());
+
+    return new PGPKeyRingGenerator(
+      PGPSignature.POSITIVE_CERTIFICATION,
+      keyPair,
+      person.toString(),
+      new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1),
+      null,
+      null,
+      new JcaPGPContentSignerBuilder(PublicKeyAlgorithmTags.RSA_GENERAL, HashAlgorithmTags.SHA1),
+      new JcePBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256).build(new char[]{})
+    );
+  }
+}
--- a/scm-webapp/src/main/java/sonia/scm/security/gpg/PgpPrivateKeyExtractor.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/PgpPrivateKeyExtractor.java
@@ -24,24 +24,30 @@

 package sonia.scm.security.gpg;

+import org.bouncycastle.bcpg.ArmoredInputStream;
+import org.bouncycastle.openpgp.PGPObjectFactory;
 import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPUtil;
 import org.bouncycastle.openpgp.jcajce.JcaPGPSecretKeyRingCollection;
+import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
 import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.util.Optional;

-public class PgpPrivateKeyExtractor {
+public class KeysExtractor {

-  private PgpPrivateKeyExtractor() {}
+  private KeysExtractor() {}

-  private static final Logger LOG = LoggerFactory.getLogger(PgpPrivateKeyExtractor.class);
+  private static final Logger LOG = LoggerFactory.getLogger(KeysExtractor.class);

-  static Optional<PGPPrivateKey> getFromRawKey(String rawKey) {
+  static Optional<PGPPrivateKey> extractPrivateKey(String rawKey) {
    try (final InputStream decoderStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(rawKey.getBytes()))) {
      JcaPGPSecretKeyRingCollection secretKeyRingCollection = new JcaPGPSecretKeyRingCollection(decoderStream);
      final PGPPrivateKey privateKey = secretKeyRingCollection.getKeyRings().next().getSecretKey().extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().build(new char[]{}));
@@ -51,4 +57,17 @@ public class PgpPrivateKeyExtractor {
      return Optional.empty();
    }
  }
+
+  static Optional<PGPPublicKey> extractPublicKey(String rawKey) {
+    try {
+      ArmoredInputStream armoredInputStream = new ArmoredInputStream(new ByteArrayInputStream(rawKey.getBytes()));
+      PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(armoredInputStream, new JcaKeyFingerprintCalculator());
+      PGPPublicKey publicKey = ((PGPPublicKeyRing) pgpObjectFactory.nextObject()).getPublicKey();
+      return Optional.of(publicKey);
+
+    } catch (IOException e) {
+      LOG.error("Invalid PGP key", e);
+    }
+    return Optional.empty();
+  }
 }
--- a/scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyResource.java
@@ -65,8 +65,7 @@ public class PublicKeyResource {
    responseCode = "200",
    description = "success",
    content = @Content(
-      mediaType = "application/pgp-keys",
-      schema = @Schema(implementation = RawGpgKeyDto.class)
+      mediaType = "application/pgp-keys"
    )
  )
  @ApiResponse(responseCode = "401", description = "not authenticated / invalid credentials")
--- a/scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyStore.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyStore.java
@@ -25,7 +25,6 @@
 package sonia.scm.security.gpg;

 import org.bouncycastle.openpgp.PGPPublicKey;
-import sonia.scm.BadRequestException;
 import sonia.scm.ContextEntry;
 import sonia.scm.event.ScmEventBus;
 import sonia.scm.repository.Person;
@@ -45,7 +44,7 @@ import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;

-import static sonia.scm.security.gpg.PgpPublicKeyExtractor.getFromRawKey;
+import static sonia.scm.security.gpg.KeysExtractor.extractPublicKey;

@Singleton
 public class PublicKeyStore {
@@ -85,7 +84,7 @@ public class PublicKeyStore {
    RawGpgKey key = new RawGpgKey(master, displayName, username, rawKey, getContactsFromPublicKey(rawKey), Instant.now(), readonly);

    store.put(master, key);
-    eventBus.post(new PublicKeyCreatedEvent());
+    eventBus.post(new PublicKeyCreatedEvent(new DefaultPublicKey(key.getId(), key.getOwner(), key.getRaw(), key.getContacts())));

    return key;

@@ -93,7 +92,7 @@ public class PublicKeyStore {

  private Set<Person> getContactsFromPublicKey(String rawKey) {
    List<String> userIds = new ArrayList<>();
-    Optional<PGPPublicKey> publicKeyFromRawKey = getFromRawKey(rawKey);
+    Optional<PGPPublicKey> publicKeyFromRawKey = extractPublicKey(rawKey);
    publicKeyFromRawKey.ifPresent(pgpPublicKey -> pgpPublicKey.getUserIDs().forEachRemaining(userIds::add));

    return userIds.stream().map(Person::toPerson).collect(Collectors.toSet());
@@ -105,7 +104,7 @@ public class PublicKeyStore {
      if (!rawGpgKey.isReadonly()) {
        UserPermissions.changePublicKeys(rawGpgKey.getOwner()).check();
        store.remove(id);
-        eventBus.post(new PublicKeyDeletedEvent());
+        eventBus.post(new PublicKeyDeletedEvent(new DefaultPublicKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts())));
      } else {
        throw new DeletingReadonlyKeyNotAllowedException(id);
      }
@@ -129,20 +128,4 @@ public class PublicKeyStore {
      .collect(Collectors.toList());
  }

-  @SuppressWarnings("squid:MaximumInheritanceDepth")
-  // exceptions have a deep inheritance depth themselves; therefore we accept this here
-  public static class DeletingReadonlyKeyNotAllowedException extends BadRequestException {
-
-    public DeletingReadonlyKeyNotAllowedException(String keyId) {
-      super(ContextEntry.ContextBuilder.entity(RawGpgKey.class, keyId).build(), "deleting readonly gpg keys is not allowed");
-    }
-
-    private static final String CODE = "3US6mweXy1";
-
-    @Override
-    public String getCode() {
-      return CODE;
-    }
-  }
-
 }
--- a/scm-webapp/src/main/resources/locales/de/plugins.json
+++ b/scm-webapp/src/main/resources/locales/de/plugins.json
@@ -248,6 +248,14 @@
    "3tS0mjSoo1": {
      "displayName": "Fehler bei der Erstellung eines Arbeitsverzeichnisses",
      "description": "Der Server konnte kein Arbeitsverzeichnis zur Abarbeitung der Anfrage erstellen. Bitte prüfen Sie die Server Logs für genauere Informationen."
+    },
+    "3US6mweXy1": {
+      "displayName": "Fehler beim Löschen eines schreibgeschützen Schlüssels",
+      "description": "Vom Server generierte, öffentliche Schlüssel sind schreibgeschützt und können nicht gelöscht werden."
+    },
+    "BxS5wX2v71": {
+      "displayName": "Inkorrekter Schlüssel",
+      "description": "Der bereitgestellte Schlüssel ist kein korrekt formartierter öffentlicher Schlüssel."
    }
  },
  "namespaceStrategies": {
--- a/scm-webapp/src/main/resources/locales/en/plugins.json
+++ b/scm-webapp/src/main/resources/locales/en/plugins.json
@@ -248,6 +248,14 @@
    "3tS0mjSoo1": {
      "displayName": "Error creating a new working directory",
      "description": "The server could not create a new working directory to process the request. Please check the server log for further information."
+    },
+    "3US6mweXy1": {
+      "displayName": "Error deleting readonly key",
+      "description": "Public keys generated by the server are readonly and cannot be deleted."
+    },
+    "BxS5wX2v71": {
+      "displayName": "Invalid key",
+      "description": "The provided key is not a valid public key."
    }
  },
  "namespaceStrategies": {
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultGPGTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultGPGTest.java
@@ -81,7 +81,7 @@ class DefaultGPGTest {
  @InjectMocks
  private DefaultGPG gpg;

-  Subject subjectUnderTest;
+  private Subject subjectUnderTest;

  @AfterEach
  void unbindThreadContext() {
@@ -140,40 +140,11 @@ class DefaultGPGTest {
    assertThat(key.getOwner().get()).contains("trillian");
  }

-  @Test
-  void shouldGenerateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException {
-    final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
-    assertThat(keyRingGenerator.generatePublicKeyRing().getPublicKey()).isNotNull();
-    assertThat(keyRingGenerator.generateSecretKeyRing().getSecretKey()).isNotNull();
-  }
-
-  @Test
-  void shouldExportGeneratedKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
-    final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
-
-    final String exportedPublicKey = gpg.exportKeyRing(keyRingGenerator.generatePublicKeyRing());
-    assertThat(exportedPublicKey).isNotBlank();
-    assertThat(exportedPublicKey).startsWith("-----BEGIN PGP PUBLIC KEY BLOCK-----");
-    assertThat(exportedPublicKey).contains("-----END PGP PUBLIC KEY BLOCK-----");
-
-    final String exportedPrivateKey = gpg.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
-    assertThat(exportedPrivateKey).isNotBlank();
-    assertThat(exportedPrivateKey).startsWith("-----BEGIN PGP PRIVATE KEY BLOCK-----");
-    assertThat(exportedPrivateKey).contains("-----END PGP PRIVATE KEY BLOCK-----");
-  }
-
-  @Test
-  void shouldImportKeyPair() throws IOException, PGPException {
-    String raw = GPGTestHelper.readResourceAsString("private-key.asc");
-    final Optional<PGPPrivateKey> privateKey = PgpPrivateKeyExtractor.getFromRawKey(raw);
-    assertThat(privateKey).isPresent();
-  }
-
  @Test
  void shouldImportExportedGeneratedPrivateKey() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
-    final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
-    final String exportedPrivateKey = gpg.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
-    final Optional<PGPPrivateKey> privateKey = PgpPrivateKeyExtractor.getFromRawKey(exportedPrivateKey);
+    final PGPKeyRingGenerator keyRingGenerator = GPGKeyPairGenerator.generateKeyPair();
+    final String exportedPrivateKey = GPGKeyExporter.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
+    final Optional<PGPPrivateKey> privateKey = KeysExtractor.extractPrivateKey(exportedPrivateKey);
    assertThat(privateKey).isPresent();
  }

@@ -184,7 +155,7 @@ class DefaultGPGTest {
    ThreadContext.bind(subjectUnderTest);

    String raw = GPGTestHelper.readResourceAsString("private-key.asc");
-    final DefaultGPG.DefaultPrivateKey privateKey = new DefaultGPG.DefaultPrivateKey(raw);
+    final DefaultPrivateKey privateKey = new DefaultPrivateKey(raw);
    final byte[] signature = privateKey.sign("This is a test commit".getBytes());
    final String signatureString = new String(signature);
    assertThat(signature).isNotEmpty();
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultPublicKeyTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultPublicKeyTest.java
@@ -31,12 +31,12 @@ import java.util.Collections;

 import static org.assertj.core.api.Assertions.assertThat;

-class GpgKeyTest {
+class DefaultPublicKeyTest {

  @Test
  void shouldVerifyPublicKey() throws IOException {
    String rawPublicKey = GPGTestHelper.readResourceAsString("subkeys.asc");
-    GpgKey publicKey = new GpgKey("1", "trillian", rawPublicKey, Collections.emptySet());
+    DefaultPublicKey publicKey = new DefaultPublicKey("1", "trillian", rawPublicKey, Collections.emptySet());

    byte[] content = GPGTestHelper.readResourceAsBytes("slarti.txt");
    byte[] signature = GPGTestHelper.readResourceAsBytes("slarti.txt.asc");
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyExporterTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyExporterTest.java
@@ -0,0 +1,83 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security.gpg;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadContext;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPKeyRingGenerator;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sonia.scm.util.MockUtil;
+
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class GPGKeyExporterTest {
+
+  private static void registerBouncyCastleProviderIfNecessary() {
+    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+      Security.addProvider(new BouncyCastleProvider());
+    }
+  }
+
+  @AfterEach
+  void unbindThreadContext() {
+    ThreadContext.unbindSubject();
+    ThreadContext.unbindSecurityManager();
+  }
+
+  @BeforeEach
+  void bindThreadContext() {
+    registerBouncyCastleProviderIfNecessary();
+
+    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
+    ThreadContext.bind(MockUtil.createUserSubject(SecurityUtils.getSecurityManager()));
+  }
+
+  @Test
+  void shouldExportGeneratedKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
+    final PGPKeyRingGenerator keyRingGenerator = GPGKeyPairGenerator.generateKeyPair();
+
+    final String exportedPublicKey = GPGKeyExporter.exportKeyRing(keyRingGenerator.generatePublicKeyRing());
+    assertThat(exportedPublicKey).isNotBlank();
+    assertThat(exportedPublicKey).startsWith("-----BEGIN PGP PUBLIC KEY BLOCK-----");
+    assertThat(exportedPublicKey).contains("-----END PGP PUBLIC KEY BLOCK-----");
+
+    final String exportedPrivateKey = GPGKeyExporter.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
+    assertThat(exportedPrivateKey).isNotBlank();
+    assertThat(exportedPrivateKey).startsWith("-----BEGIN PGP PRIVATE KEY BLOCK-----");
+    assertThat(exportedPrivateKey).contains("-----END PGP PRIVATE KEY BLOCK-----");
+  }
+
+}
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyPairGeneratorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyPairGeneratorTest.java
@@ -0,0 +1,73 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security.gpg;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadContext;
+import org.assertj.core.api.Assertions;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPKeyRingGenerator;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sonia.scm.util.MockUtil;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+
+public class GPGKeyPairGeneratorTest {
+
+  private static void registerBouncyCastleProviderIfNecessary() {
+    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+      Security.addProvider(new BouncyCastleProvider());
+    }
+  }
+
+  @AfterEach
+  void unbindThreadContext() {
+    ThreadContext.unbindSubject();
+    ThreadContext.unbindSecurityManager();
+  }
+
+  @BeforeEach
+  void bindThreadContext() {
+    registerBouncyCastleProviderIfNecessary();
+
+    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
+    ThreadContext.bind(MockUtil.createUserSubject(SecurityUtils.getSecurityManager()));
+  }
+
+  @Test
+  void shouldGenerateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException {
+    final PGPKeyRingGenerator keyRingGenerator = GPGKeyPairGenerator.generateKeyPair();
+    Assertions.assertThat(keyRingGenerator.generatePublicKeyRing().getPublicKey()).isNotNull();
+    Assertions.assertThat(keyRingGenerator.generateSecretKeyRing().getSecretKey()).isNotNull();
+  }
+
+}
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/PgpPublicKeyExtractorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/PgpPublicKeyExtractorTest.java
@@ -24,6 +24,7 @@

 package sonia.scm.security.gpg;

+import org.bouncycastle.openpgp.PGPPrivateKey;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.junit.jupiter.api.Test;

@@ -32,16 +33,23 @@ import java.util.Optional;

 import static org.assertj.core.api.Assertions.assertThat;

-class PgpPublicKeyExtractorTest {
+class KeysExtractorTest {

  @Test
  void shouldExtractPublicKeyFromRawKey() throws IOException {
    String raw = GPGTestHelper.readResourceAsString("single.asc");

-    Optional<PGPPublicKey> publicKey = PgpPublicKeyExtractor.getFromRawKey(raw);
+    Optional<PGPPublicKey> publicKey = KeysExtractor.extractPublicKey(raw);

    assertThat(publicKey).isPresent();
    assertThat(Long.toHexString(publicKey.get().getKeyID())).isEqualTo("975922f193b07d6e");
  }

+  @Test
+  void shouldExtractPrivateKeyFromRawKey() throws IOException {
+    String raw = GPGTestHelper.readResourceAsString("private-key.asc");
+    final Optional<PGPPrivateKey> privateKey = KeysExtractor.extractPrivateKey(raw);
+    assertThat(privateKey).isPresent();
+  }
+
 }
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/PublicKeyStoreTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/PublicKeyStoreTest.java
@@ -27,12 +27,10 @@ package sonia.scm.security.gpg;
 import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
-import org.junit.Rule;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.junit.rules.ExpectedException;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import sonia.scm.event.ScmEventBus;
@@ -163,7 +161,7 @@ class PublicKeyStoreTest {

    assertThat(key).isPresent();

-    assertThrows(PublicKeyStore.DeletingReadonlyKeyNotAllowedException.class, () -> keyStore.delete("0x975922F193B07D6E"));
+    assertThrows(DeletingReadonlyKeyNotAllowedException.class, () -> keyStore.delete("0x975922F193B07D6E"));
    key = keyStore.findById("0x975922F193B07D6E");

    assertThat(key).isPresent();