Example 1 with PGPException
use of org.bouncycastle.openpgp.PGPException in project camel by apache.
the class PGPKeyAccessDataFormat method getSignature.
protected PGPOnePassSignature getSignature(Exchange exchange, PGPOnePassSignatureList signatureList) throws Exception {
if (SIGNATURE_VERIFICATION_OPTION_IGNORE.equals(getSignatureVerificationOption())) {
return null;
}
if (SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED.equals(getSignatureVerificationOption())) {
throw new PGPException("PGP message contains a signature although a signature is not expected. Either change the configuration of the PGP decryptor or send a PGP message with no signature.");
}
List<String> allowedUserIds = determineSignaturenUserIds(exchange);
for (int i = 0; i < signatureList.size(); i++) {
PGPOnePassSignature signature = signatureList.get(i);
// Determine public key from signature keyId
PGPPublicKey sigPublicKey = publicKeyAccessor.getPublicKey(exchange, signature.getKeyID(), allowedUserIds);
if (sigPublicKey == null) {
continue;
}
// choose that signature for which a public key exists!
signature.init(new JcaPGPContentVerifierBuilderProvider().setProvider(getProvider()), sigPublicKey);
return signature;
}
if (signatureList.isEmpty()) {
return null;
} else {
throw new IllegalArgumentException("Cannot verify the PGP signature: No public key found for the key ID(s) contained in the PGP signature(s). " + "Either the received PGP message contains a signature from an unexpected sender or the Public Keyring does not contain the public key of the sender.");
}
}
Also used :
PGPException(org.bouncycastle.openpgp.PGPException)
PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey)
PGPOnePassSignature(org.bouncycastle.openpgp.PGPOnePassSignature)
JcaPGPContentVerifierBuilderProvider(org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider)
Example 2 with PGPException
use of org.bouncycastle.openpgp.PGPException in project camel by apache.
the class PGPKeyAccessDataFormat method getDecryptedData.
private InputStream getDecryptedData(Exchange exchange, InputStream encryptedStream) throws Exception, PGPException {
PGPObjectFactory pgpFactory = new PGPObjectFactory(encryptedStream, new BcKeyFingerprintCalculator());
Object firstObject = pgpFactory.nextObject();
// the first object might be a PGP marker packet
PGPEncryptedDataList enc = getEcryptedDataList(pgpFactory, firstObject);
if (enc == null) {
throw getFormatException();
}
PGPPublicKeyEncryptedData pbe = null;
PGPPrivateKey key = null;
// find encrypted data for which a private key exists in the secret key ring
for (int i = 0; i < enc.size() && key == null; i++) {
Object encryptedData = enc.get(i);
if (!(encryptedData instanceof PGPPublicKeyEncryptedData)) {
throw getFormatException();
}
pbe = (PGPPublicKeyEncryptedData) encryptedData;
key = secretKeyAccessor.getPrivateKey(exchange, pbe.getKeyID());
if (key != null) {
// take the first key
break;
}
}
if (key == null) {
throw new PGPException("PGP message is encrypted with a key which could not be found in the Secret Keyring.");
}
InputStream encData = pbe.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(getProvider()).build(key));
return encData;
}
Also used :
PGPException(org.bouncycastle.openpgp.PGPException)
InputStream(java.io.InputStream)
JcePublicKeyDataDecryptorFactoryBuilder(org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder)
PGPEncryptedDataList(org.bouncycastle.openpgp.PGPEncryptedDataList)
BcKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator)
PGPPublicKeyEncryptedData(org.bouncycastle.openpgp.PGPPublicKeyEncryptedData)
PGPPrivateKey(org.bouncycastle.openpgp.PGPPrivateKey)
PGPObjectFactory(org.bouncycastle.openpgp.PGPObjectFactory)
Example 3 with PGPException
use of org.bouncycastle.openpgp.PGPException in project camel by apache.
the class PGPKeyAccessDataFormat method unmarshal.
public Object unmarshal(Exchange exchange, InputStream encryptedStream) throws Exception {
//NOPMD
if (encryptedStream == null) {
return null;
}
InputStream in = null;
InputStream encData = null;
InputStream uncompressedData = null;
InputStream litData = null;
OutputStreamBuilder osb = null;
try {
in = PGPUtil.getDecoderStream(encryptedStream);
encData = getDecryptedData(exchange, in);
PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
Object object = pgpFactory.nextObject();
if (object instanceof PGPCompressedData) {
PGPCompressedData comData = (PGPCompressedData) object;
uncompressedData = comData.getDataStream();
pgpFactory = new PGPObjectFactory(uncompressedData, new BcKeyFingerprintCalculator());
object = pgpFactory.nextObject();
} else {
LOG.debug("PGP Message does not contain a Compressed Data Packet");
}
PGPOnePassSignature signature;
if (object instanceof PGPOnePassSignatureList) {
signature = getSignature(exchange, (PGPOnePassSignatureList) object);
object = pgpFactory.nextObject();
} else {
// no signature contained in PGP message
signature = null;
if (SIGNATURE_VERIFICATION_OPTION_REQUIRED.equals(getSignatureVerificationOption())) {
throw new PGPException("PGP message does not contain any signatures although a signature is expected. Either send a PGP message with signature or change the configuration of the PGP decryptor.");
}
}
PGPLiteralData ld;
if (object instanceof PGPLiteralData) {
ld = (PGPLiteralData) object;
} else {
throw getFormatException();
}
litData = ld.getInputStream();
osb = OutputStreamBuilder.withExchange(exchange);
byte[] buffer = new byte[BUFFER_SIZE];
int bytesRead;
while ((bytesRead = litData.read(buffer)) != -1) {
osb.write(buffer, 0, bytesRead);
if (signature != null) {
signature.update(buffer, 0, bytesRead);
}
osb.flush();
}
verifySignature(pgpFactory, signature);
} finally {
IOHelper.close(osb, litData, uncompressedData, encData, in, encryptedStream);
}
return osb.build();
}
Also used :
PGPException(org.bouncycastle.openpgp.PGPException)
PGPOnePassSignatureList(org.bouncycastle.openpgp.PGPOnePassSignatureList)
PGPLiteralData(org.bouncycastle.openpgp.PGPLiteralData)
InputStream(java.io.InputStream)
BcKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator)
PGPOnePassSignature(org.bouncycastle.openpgp.PGPOnePassSignature)
OutputStreamBuilder(org.apache.camel.converter.stream.OutputStreamBuilder)
PGPObjectFactory(org.bouncycastle.openpgp.PGPObjectFactory)
PGPCompressedData(org.bouncycastle.openpgp.PGPCompressedData)
Example 4 with PGPException
use of org.bouncycastle.openpgp.PGPException in project camel by apache.
the class PGPDataFormatUtil method findPrivateKey.
@Deprecated
private static PGPPrivateKey findPrivateKey(InputStream keyringInput, InputStream encryptedInput, String passphrase, PGPPassphraseAccessor passphraseAccessor, String provider) throws IOException, PGPException, NoSuchProviderException {
PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyringInput), new BcKeyFingerprintCalculator());
PGPObjectFactory factory = new PGPObjectFactory(PGPUtil.getDecoderStream(encryptedInput), new BcKeyFingerprintCalculator());
PGPEncryptedDataList enc;
Object o = factory.nextObject();
if (o == null) {
throw new PGPException("Provided input is not encrypted.");
}
if (o instanceof PGPEncryptedDataList) {
enc = (PGPEncryptedDataList) o;
} else {
enc = (PGPEncryptedDataList) factory.nextObject();
}
// nextObject() method reads from the InputStream, so rewind it!
encryptedInput.reset();
Iterator<?> encryptedDataObjects = enc.getEncryptedDataObjects();
PGPPrivateKey privateKey = null;
PGPPublicKeyEncryptedData encryptedData = null;
while (privateKey == null && encryptedDataObjects.hasNext()) {
encryptedData = (PGPPublicKeyEncryptedData) encryptedDataObjects.next();
PGPSecretKey pgpSecKey = pgpSec.getSecretKey(encryptedData.getKeyID());
if (pgpSecKey != null) {
if (passphrase == null && passphraseAccessor != null) {
// get passphrase from accessor
@SuppressWarnings("unchecked") Iterator<String> userIDs = pgpSecKey.getUserIDs();
while (passphrase == null && userIDs.hasNext()) {
passphrase = passphraseAccessor.getPassphrase(userIDs.next());
}
}
privateKey = pgpSecKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(provider).build(passphrase.toCharArray()));
}
}
if (privateKey == null && pgpSec.size() > 0 && encryptedData != null) {
throw new PGPException("Provided input is encrypted with unknown pair of keys.");
}
return privateKey;
}
Also used :
PGPEncryptedDataList(org.bouncycastle.openpgp.PGPEncryptedDataList)
PGPObjectFactory(org.bouncycastle.openpgp.PGPObjectFactory)
JcePBESecretKeyDecryptorBuilder(org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder)
PGPException(org.bouncycastle.openpgp.PGPException)
PGPSecretKey(org.bouncycastle.openpgp.PGPSecretKey)
PGPSecretKeyRingCollection(org.bouncycastle.openpgp.PGPSecretKeyRingCollection)
BcKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator)
PGPPublicKeyEncryptedData(org.bouncycastle.openpgp.PGPPublicKeyEncryptedData)
PGPPrivateKey(org.bouncycastle.openpgp.PGPPrivateKey)
Example 5 with PGPException
use of org.bouncycastle.openpgp.PGPException in project nifi by apache.
the class OpenPGPKeyBasedEncryptor method getDecryptedPrivateKey.
private static PGPPrivateKey getDecryptedPrivateKey(String provider, String secretKeyringFile, long keyId, char[] passphrase) throws IOException, PGPException {
// Read in from the secret keyring file
try (FileInputStream keyInputStream = new FileInputStream(secretKeyringFile)) {
// Form the SecretKeyRing collection (1.53 way with fingerprint calculator)
PGPSecretKeyRingCollection pgpSecretKeyRingCollection = new PGPSecretKeyRingCollection(keyInputStream, new BcKeyFingerprintCalculator());
// The decryptor is identical for all keys
final PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(provider).build(passphrase);
// Iterate over all secret keyrings
Iterator<PGPSecretKeyRing> keyringIterator = pgpSecretKeyRingCollection.getKeyRings();
PGPSecretKeyRing keyRing;
PGPSecretKey secretKey;
while (keyringIterator.hasNext()) {
keyRing = keyringIterator.next();
// If keyId exists, get a specific secret key; else, iterate over all
if (keyId != 0) {
secretKey = keyRing.getSecretKey(keyId);
try {
return secretKey.extractPrivateKey(decryptor);
} catch (Exception e) {
throw new PGPException("No private key available using passphrase", e);
}
} else {
Iterator<PGPSecretKey> keyIterator = keyRing.getSecretKeys();
while (keyIterator.hasNext()) {
secretKey = keyIterator.next();
try {
return secretKey.extractPrivateKey(decryptor);
} catch (Exception e) {
// TODO: Log (expected) failures?
}
}
}
}
}
// If this point is reached, no private key could be extracted with the given passphrase
throw new PGPException("No private key available using passphrase");
}
Also used :
PGPException(org.bouncycastle.openpgp.PGPException)
PBESecretKeyDecryptor(org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor)
PGPSecretKey(org.bouncycastle.openpgp.PGPSecretKey)
PGPSecretKeyRingCollection(org.bouncycastle.openpgp.PGPSecretKeyRingCollection)
BcKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator)
PGPSecretKeyRing(org.bouncycastle.openpgp.PGPSecretKeyRing)
FileInputStream(java.io.FileInputStream)
ProcessException(org.apache.nifi.processor.exception.ProcessException)
PGPException(org.bouncycastle.openpgp.PGPException)
IOException(java.io.IOException)
NoSuchProviderException(java.security.NoSuchProviderException)
JcePBESecretKeyDecryptorBuilder(org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder)
Aggregations
PGPException (org.bouncycastle.openpgp.PGPException)21
IOException (java.io.IOException)13
InputStream (java.io.InputStream)7
BcKeyFingerprintCalculator (org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator)7
PGPPublicKey (org.bouncycastle.openpgp.PGPPublicKey)6
PGPPublicKeyRing (org.bouncycastle.openpgp.PGPPublicKeyRing)6
FileInputStream (java.io.FileInputStream)4
ArrayList (java.util.ArrayList)4
PGPPublicKeyRingCollection (org.bouncycastle.openpgp.PGPPublicKeyRingCollection)4
PGPSignature (org.bouncycastle.openpgp.PGPSignature)4
ByteArrayInputStream (java.io.ByteArrayInputStream)3
ByteArrayOutputStream (java.io.ByteArrayOutputStream)3
HashMap (java.util.HashMap)3
Iterator (java.util.Iterator)3
PGPEncryptedDataList (org.bouncycastle.openpgp.PGPEncryptedDataList)3
PGPObjectFactory (org.bouncycastle.openpgp.PGPObjectFactory)3
PGPPrivateKey (org.bouncycastle.openpgp.PGPPrivateKey)3
PGPPublicKeyEncryptedData (org.bouncycastle.openpgp.PGPPublicKeyEncryptedData)3
PGPSecretKeyRingCollection (org.bouncycastle.openpgp.PGPSecretKeyRingCollection)3
PublicKeyStore.keyIdToString (com.google.gerrit.gpg.PublicKeyStore.keyIdToString)2
