
Example 11 with ArmoredInputStream

use of org.bouncycastle.bcpg.ArmoredInputStream in project jPOS by jpos.

the class PGPHelper method checkLicense.

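/**
 * Checks the clear-signed license and reports the outcome as a bit field.
 *
 * <p>Bits, as set and cleared by the code below:
 * <ul>
 *   <li>{@code 0x80000} - set initially; cleared once the PGP signature verifies; set again
 *       when {@code ModuleUtils.getRKeys()} contains the licensee hash (presumably a list of
 *       revoked licensees - confirm against ModuleUtils).</li>
 *   <li>{@code 0x40000} - set when a "valid through:" date sorts before the first ten
 *       characters of the build timestamp.</li>
 *   <li>{@code 0x20000} - set when the HMAC of the encoded signer key differs from
 *       {@code Q2.PUBKEYHASH}.</li>
 *   <li>{@code 0x10000} - set initially; cleared when a signed line contains the value of
 *       {@code ModuleUtils.getSystemHash()}.</li>
 *   <li>low bits - the "instances:" value (at most four digits), OR-ed in.</li>
 * </ul>
 *
 * <p>The {@code 0x20000} and {@code getRKeys()} checks only run when the object that follows
 * the clear text is a {@code PGPSignatureList}. Any exception ends the check and returns the
 * bits accumulated so far; before signature verification that is the initial {@code 0x90000}.
 *
 * @return the status bit field described above
 */
public static int checkLicense() {
    int rc = 0x90000;
    boolean newl = false;
    int ch;
    // Both streams are declared as resources so the key ring stream is closed as well;
    // try-with-resources skips a null resource, so a missing PUBRING behaves as before.
    try (InputStream in = getLicenseeStream();
         InputStream ks = Q2.class.getClassLoader().getResourceAsStream(PUBRING)) {
        PGPPublicKey pk = readPublicKey(ks, SIGNER);
        ArmoredInputStream ain = new ArmoredInputStream(in, true);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        // The HMAC key is the signer key's own fingerprint, which is not a secret: the value
        // compared with Q2.PUBKEYHASH further down pins the bundled key ring to a compiled-in
        // constant; it does not authenticate anything with a shared secret.
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(pk.getFingerprint(), "HmacSHA256"));
        // Collect the clear-signed text. A line feed is held back until the next byte arrives,
        // so the final line break before the signature armor is left out of the signed data.
        while ((ch = ain.read()) >= 0 && ain.isClearText()) {
            if (newl) {
                out.write((byte) '\n');
                newl = false;
            }
            if (ch == '\n') {
                newl = true;
                continue;
            }
            out.write((byte) ch);
        }
        PGPObjectFactory pgpf = new PGPObjectFactory(ain, fingerPrintCalculator);
        Object o = pgpf.nextObject();
        if (o instanceof PGPSignatureList) {
            PGPSignatureList list = (PGPSignatureList) o;
            if (list.size() > 0) {
                // Only the first signature in the list is checked.
                PGPSignature sig = list.get(0);
                sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), pk);
                while ((ch = ain.read()) >= 0 && ain.isClearText()) {
                    if (newl) {
                        out.write((byte) '\n');
                        newl = false;
                    }
                    if (ch == '\n') {
                        newl = true;
                        continue;
                    }
                    out.write((byte) ch);
                }
                sig.update(out.toByteArray());
                if (sig.verify()) {
                    rc &= 0x7FFFF;
                    // Fields are parsed from the verified bytes only, never from the raw stream.
                    ByteArrayInputStream bais = new ByteArrayInputStream(out.toByteArray());
                    BufferedReader reader = new BufferedReader(new InputStreamReader(bais, StandardCharsets.UTF_8));
                    String s;
                    Pattern p1 = Pattern.compile("\\s(valid through:)\\s(\\d\\d\\d\\d-\\d\\d-\\d\\d)?", Pattern.CASE_INSENSITIVE);
                    Pattern p2 = Pattern.compile("\\s(instances:)\\s([\\d]{0,4})?", Pattern.CASE_INSENSITIVE);
                    String h = ModuleUtils.getSystemHash();
                    while ((s = reader.readLine()) != null) {
                        Matcher matcher = p1.matcher(s);
                        if (matcher.find()) {
                            // Group 2 is optional in the pattern. A label without a value must
                            // not throw: an exception here would leave the method through the
                            // catch-all and skip the key pin and getRKeys() checks below.
                            String lDate = matcher.group(2);
                            // ISO yyyy-MM-dd strings order lexicographically like dates.
                            if (lDate != null && lDate.compareTo(Q2.getBuildTimestamp().substring(0, 10)) < 0) {
                                rc |= 0x40000;
                            }
                        }
                        matcher = p2.matcher(s);
                        if (matcher.find()) {
                            // {0,4} also matches zero digits, which parseInt would reject.
                            String instances = matcher.group(2);
                            if (instances != null && !instances.isEmpty()) {
                                rc |= Integer.parseInt(instances);
                            }
                        }
                        if (s.contains(h)) {
                            rc &= 0xEFFFF;
                        }
                    }
                }
            }
            if (!Arrays.equals(Q2.PUBKEYHASH, mac.doFinal(pk.getEncoded()))) {
                rc |= 0x20000;
            }
            if (ModuleUtils.getRKeys().contains(PGPHelper.getLicenseeHash())) {
                rc |= 0x80000;
            }
        }
    } catch (Exception ignored) {
        // NOPMD: signature isn't good
        // rc keeps whatever bits were set before the failure.
    }
    return rc;
}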
Also used : Q2(org.jpos.q2.Q2) Pattern(java.util.regex.Pattern) Matcher(java.util.regex.Matcher) ArmoredInputStream(org.bouncycastle.bcpg.ArmoredInputStream) JcaPGPContentVerifierBuilderProvider(org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider) Mac(javax.crypto.Mac) SecretKeySpec(javax.crypto.spec.SecretKeySpec) ArmoredInputStream(org.bouncycastle.bcpg.ArmoredInputStream)
