
Example 1 with PGPCompressedData

use of org.bouncycastle.openpgp.PGPCompressedData in project camel by apache.

the class PGPKeyAccessDataFormat method unmarshal.

/**
 * Decrypts a PGP message read from {@code encryptedStream} and returns the
 * literal data it carries, built through an {@link OutputStreamBuilder}.
 *
 * <p>Packets are handled in this order: an optional compressed-data packet is
 * unwrapped, an optional one-pass signature list is picked up, and the next
 * packet must be literal data. The payload is copied in {@code BUFFER_SIZE}
 * chunks, and each chunk is also fed into the one-pass signature when one is
 * present.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code verifySignature} runs only after the whole payload has been
 *       written and flushed to the builder. The result is returned only if
 *       that call completes normally; whether a bad signature raises an
 *       exception there is not visible in this method - confirm.</li>
 *   <li>A message without a one-pass signature list is rejected only when the
 *       verification option equals {@code SIGNATURE_VERIFICATION_OPTION_REQUIRED};
 *       under any other option an unsigned message is accepted.</li>
 *   <li>No integrity (MDC) check of the encrypted packet appears in this
 *       method; presumably {@code getDecryptedData} is responsible for it -
 *       confirm.</li>
 * </ul>
 *
 * @param exchange the exchange handed to the decryption, signature and output helpers
 * @param encryptedStream the PGP message; closed before returning when non-null
 * @return the value of {@code OutputStreamBuilder.build()}, or {@code null}
 *         when {@code encryptedStream} is {@code null}
 * @throws Exception if the message is unsigned although a signature is
 *         required, if the packet after the optional signature list is not
 *         literal data, or if any helper or stream operation fails
 */
public Object unmarshal(Exchange exchange, InputStream encryptedStream) throws Exception {
    //NOPMD
    if (encryptedStream == null) {
        return null;
    }
    InputStream decoderStream = null;
    InputStream decryptedStream = null;
    InputStream decompressedStream = null;
    InputStream literalStream = null;
    OutputStreamBuilder output = null;
    try {
        decoderStream = PGPUtil.getDecoderStream(encryptedStream);
        decryptedStream = getDecryptedData(exchange, decoderStream);
        PGPObjectFactory packets = new PGPObjectFactory(decryptedStream, new BcKeyFingerprintCalculator());
        Object packet = packets.nextObject();

        // Optional compression layer: continue parsing inside the decompressed stream.
        if (!(packet instanceof PGPCompressedData)) {
            LOG.debug("PGP Message does not contain a Compressed Data Packet");
        } else {
            decompressedStream = ((PGPCompressedData) packet).getDataStream();
            packets = new PGPObjectFactory(decompressedStream, new BcKeyFingerprintCalculator());
            packet = packets.nextObject();
        }

        // Optional one-pass signature; stays null for an unsigned message.
        PGPOnePassSignature signature = null;
        if (packet instanceof PGPOnePassSignatureList) {
            signature = getSignature(exchange, (PGPOnePassSignatureList) packet);
            packet = packets.nextObject();
        } else if (SIGNATURE_VERIFICATION_OPTION_REQUIRED.equals(getSignatureVerificationOption())) {
            throw new PGPException("PGP message does not contain any signatures although a signature is expected. Either send a PGP message with signature or change the configuration of the PGP decryptor.");
        }

        if (!(packet instanceof PGPLiteralData)) {
            throw getFormatException();
        }
        literalStream = ((PGPLiteralData) packet).getInputStream();
        output = OutputStreamBuilder.withExchange(exchange);

        // Copy the payload; the signature must see exactly the bytes that are written out.
        byte[] chunk = new byte[BUFFER_SIZE];
        for (int count = literalStream.read(chunk); count != -1; count = literalStream.read(chunk)) {
            output.write(chunk, 0, count);
            if (signature != null) {
                signature.update(chunk, 0, count);
            }
            output.flush();
        }
        verifySignature(packets, signature);
    } finally {
        IOHelper.close(output, literalStream, decompressedStream, decryptedStream, decoderStream, encryptedStream);
    }
    return output.build();
}
Also used : PGPException(org.bouncycastle.openpgp.PGPException) PGPOnePassSignatureList(org.bouncycastle.openpgp.PGPOnePassSignatureList) PGPLiteralData(org.bouncycastle.openpgp.PGPLiteralData) InputStream(java.io.InputStream) BcKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator) PGPOnePassSignature(org.bouncycastle.openpgp.PGPOnePassSignature) OutputStreamBuilder(org.apache.camel.converter.stream.OutputStreamBuilder) PGPObjectFactory(org.bouncycastle.openpgp.PGPObjectFactory) PGPCompressedData(org.bouncycastle.openpgp.PGPCompressedData)

Example 2 with PGPCompressedData

use of org.bouncycastle.openpgp.PGPCompressedData in project incubator-gobblin by apache.

the class GPGFileDecryptor method decryptFile.

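/**
 * Decrypts a public-key-encrypted PGP message and returns the plaintext as an
 * in-memory stream.
 *
 * <p>The entries of the encrypted data list are tried in order until
 * {@code findSecretKey} yields a private key for one of them; entries that are
 * not public-key encrypted are skipped. The decrypted content may be wrapped in
 * one compressed-data packet and must otherwise consist of literal data;
 * signature packets are rejected.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the encrypted packet is integrity protected, the check is run after
 *       the payload has been read and a failure is reported as a
 *       {@code PGPException}. Messages without integrity protection are still
 *       accepted, as before, and offer no tamper detection.</li>
 *   <li>The whole plaintext is buffered in memory without a size limit, so a
 *       small, highly compressible message can exhaust the heap. Callers that
 *       process untrusted files should bound the input.</li>
 *   <li>No signature is checked here; a successful return says nothing about
 *       who produced the message.</li>
 * </ul>
 *
 * @param inputStream the encrypted file content
 * @param keyIn the secret keyring to search for a matching key
 * @param passPhrase the pass phrase handed to {@code findSecretKey}
 * @return a stream over the decrypted bytes
 * @throws IOException if reading or decoding one of the streams fails
 * @throws IllegalArgumentException if no entry of the message can be matched to a secret key
 */
@SneakyThrows(PGPException.class)
public InputStream decryptFile(InputStream inputStream, InputStream keyIn, String passPhrase) throws IOException {
    PGPEncryptedDataList enc = getPGPEncryptedDataList(inputStream);
    Iterator<?> it = enc.getEncryptedDataObjects();
    PGPPrivateKey sKey = null;
    PGPPublicKeyEncryptedData pbe = null;
    PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyIn), new BcKeyFingerprintCalculator());
    while (sKey == null && it.hasNext()) {
        Object candidate = it.next();
        // The list comes from untrusted input and may hold other entry kinds
        // (for example password-based ones); skip them instead of failing on the cast.
        if (!(candidate instanceof PGPPublicKeyEncryptedData)) {
            continue;
        }
        pbe = (PGPPublicKeyEncryptedData) candidate;
        sKey = findSecretKey(pgpSec, pbe.getKeyID(), passPhrase);
    }
    if (sKey == null) {
        throw new IllegalArgumentException("secret key for message not found.");
    }
    try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        InputStream clear = pbe.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(sKey))) {
        JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory(clear);
        Object pgpfObject = pgpFact.nextObject();
        while (pgpfObject != null) {
            if (pgpfObject instanceof PGPCompressedData) {
                // Continue parsing inside the decompressed stream.
                PGPCompressedData cData = (PGPCompressedData) pgpfObject;
                pgpFact = new JcaPGPObjectFactory(cData.getDataStream());
                pgpfObject = pgpFact.nextObject();
            }
            if (pgpfObject instanceof PGPLiteralData) {
                // NOTE(review): unbounded copy of attacker-influenced data into memory.
                Streams.pipeAll(((PGPLiteralData) pgpfObject).getInputStream(), outputStream);
            } else if (pgpfObject instanceof PGPOnePassSignatureList) {
                throw new PGPException("encrypted message contains PGPOnePassSignatureList message - not literal data.");
            } else if (pgpfObject instanceof PGPSignatureList) {
                throw new PGPException("encrypted message contains PGPSignatureList message - not literal data.");
            } else {
                throw new PGPException("message is not a simple encrypted file - type unknown.");
            }
            pgpfObject = pgpFact.nextObject();
        }
        // The integrity check is only meaningful once the payload has been consumed,
        // so it runs after the loop and before any plaintext is handed to the caller.
        if (pbe.isIntegrityProtected() && !pbe.verify()) {
            throw new PGPException("message failed integrity check.");
        }
        return new ByteArrayInputStream(outputStream.toByteArray());
    }
}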
Also used : PGPOnePassSignatureList(org.bouncycastle.openpgp.PGPOnePassSignatureList) PGPLiteralData(org.bouncycastle.openpgp.PGPLiteralData) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) JcePublicKeyDataDecryptorFactoryBuilder(org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder) PGPEncryptedDataList(org.bouncycastle.openpgp.PGPEncryptedDataList) PGPSignatureList(org.bouncycastle.openpgp.PGPSignatureList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) PGPCompressedData(org.bouncycastle.openpgp.PGPCompressedData) PGPException(org.bouncycastle.openpgp.PGPException) ByteArrayInputStream(java.io.ByteArrayInputStream) Iterator(java.util.Iterator) PGPSecretKeyRingCollection(org.bouncycastle.openpgp.PGPSecretKeyRingCollection) BcKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator) PGPPublicKeyEncryptedData(org.bouncycastle.openpgp.PGPPublicKeyEncryptedData) PGPPrivateKey(org.bouncycastle.openpgp.PGPPrivateKey) JcaPGPObjectFactory(org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory) SneakyThrows(lombok.SneakyThrows)

Example 3 with PGPCompressedData

use of org.bouncycastle.openpgp.PGPCompressedData in project spring-roo by spring-projects.

the class PgpServiceImpl method isSignatureAcceptable.

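/**
 * Reports whether the key that a detached PGP signature names is one of the
 * trusted keys.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This method does not verify the signature cryptographically. It reads
 *       the key ID from the first signature in the stream and compares it with
 *       the public key returned by each trusted key ring, so a positive
 *       decision only means "the signature claims a trusted key". The
 *       signature still has to be verified against the signed content
 *       elsewhere.</li>
 *   <li>Only the first signature of the list is considered.</li>
 *   <li>When {@code automaticTrust} is set, an unknown key is added through
 *       {@code trust} and accepted, which makes the decision positive for any
 *       well-formed signature.</li>
 * </ul>
 *
 * @param signature the signature stream (armored or binary); must not be {@code null}
 * @return the decision, carrying the signature, its key ID and whether the key is accepted
 * @throws IOException if the stream cannot be read or decoded
 * @throws IllegalArgumentException if the stream does not contain a non-empty signature list
 * @throws IllegalStateException if a compressed signature packet cannot be opened
 */
public SignatureDecision isSignatureAcceptable(final InputStream signature) throws IOException {
    Validate.notNull(signature, "Signature input stream required");
    PGPObjectFactory factory = new PGPObjectFactory(PGPUtil.getDecoderStream(signature));
    Object obj = factory.nextObject();
    Validate.notNull(obj, "Unable to retrieve signature from stream");
    if (obj instanceof PGPCompressedData) {
        try {
            factory = new PGPObjectFactory(((PGPCompressedData) obj).getDataStream());
        } catch (final Exception e) {
            throw new IllegalStateException(e);
        }
        obj = factory.nextObject();
    }
    // The stream is untrusted: check the packet type and size before casting
    // and indexing, so malformed input is reported as a validation failure.
    Validate.isTrue(obj instanceof PGPSignatureList, "Unable to retrieve signature from stream");
    final PGPSignatureList signatures = (PGPSignatureList) obj;
    Validate.isTrue(!signatures.isEmpty(), "Unable to retrieve signature from stream");
    final PGPSignature pgpSignature = signatures.get(0);
    Validate.notNull(pgpSignature, "Unable to retrieve signature from stream");
    final PgpKeyId keyIdInHex = new PgpKeyId(pgpSignature);
    // The key ID is recorded as read from the signature packet; nothing in
    // this method has verified the signature at this point.
    discoveredKeyIds.add(keyIdInHex);
    boolean signatureAcceptable = false;
    // Loop to see if the user trusts this key
    for (final PGPPublicKeyRing keyRing : getTrustedKeys()) {
        final PgpKeyId candidate = new PgpKeyId(keyRing.getPublicKey());
        if (candidate.equals(keyIdInHex)) {
            signatureAcceptable = true;
            break;
        }
    }
    if (!signatureAcceptable && automaticTrust) {
        // We don't approve of this signature, but the user has told us it's
        // OK
        trust(keyIdInHex);
        signatureAcceptable = true;
    }
    return new SignatureDecision(pgpSignature, keyIdInHex, signatureAcceptable);
}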
Also used : PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) PGPSignatureList(org.bouncycastle.openpgp.PGPSignatureList) PGPSignature(org.bouncycastle.openpgp.PGPSignature) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) PGPObjectFactory(org.bouncycastle.openpgp.PGPObjectFactory) PGPCompressedData(org.bouncycastle.openpgp.PGPCompressedData)

Aggregations

PGPCompressedData (org.bouncycastle.openpgp.PGPCompressedData)3 InputStream (java.io.InputStream)2 PGPException (org.bouncycastle.openpgp.PGPException)2 PGPLiteralData (org.bouncycastle.openpgp.PGPLiteralData)2 PGPObjectFactory (org.bouncycastle.openpgp.PGPObjectFactory)2 PGPOnePassSignatureList (org.bouncycastle.openpgp.PGPOnePassSignatureList)2 PGPSignatureList (org.bouncycastle.openpgp.PGPSignatureList)2 BcKeyFingerprintCalculator (org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 IOException (java.io.IOException)1 MalformedURLException (java.net.MalformedURLException)1 Iterator (java.util.Iterator)1 SneakyThrows (lombok.SneakyThrows)1 OutputStreamBuilder (org.apache.camel.converter.stream.OutputStreamBuilder)1 PGPEncryptedDataList (org.bouncycastle.openpgp.PGPEncryptedDataList)1 PGPOnePassSignature (org.bouncycastle.openpgp.PGPOnePassSignature)1 PGPPrivateKey (org.bouncycastle.openpgp.PGPPrivateKey)1 PGPPublicKeyEncryptedData (org.bouncycastle.openpgp.PGPPublicKeyEncryptedData)1 PGPPublicKeyRing (org.bouncycastle.openpgp.PGPPublicKeyRing)1