Example 16 with PGPException

use of org.bouncycastle.openpgp.PGPException in project bisq-desktop by bisq-network.

the class BisqInstaller method verifySignature.

/**
 * Verifies detached PGP signatures against GPG/OpenPGP RSA public keys. Currently does not work with OpenSSL or JCA/JCE keys.
 *
 * @param pubKeyFile Path to file providing the public key to use
 * @param sigFile    Path to detached signature file
 * @param dataFile   Path to signed data file
 * @return {@code VerifyStatusEnum.OK} if the signature is valid, {@code VerifyStatusEnum.FAIL} if the signature is not valid
 *         or the key ID named in the signature is not present in the provided keyring
 * @throws Exception throws various exceptions in case something went wrong. Main reason should be that key or
 *                   signature could not be extracted from the provided files due to a "bad" format.<br>
 *                   <code>FileNotFoundException, IOException, SignatureException, PGPException</code>
 */
public static VerifyStatusEnum verifySignature(File pubKeyFile, File sigFile, File dataFile) throws Exception {
    InputStream inputStream;
    int bytesRead;
    PGPPublicKey publicKey;
    PGPSignature pgpSignature;
    boolean result;
    // Read keys from file
    inputStream = PGPUtil.getDecoderStream(new FileInputStream(pubKeyFile));
    PGPPublicKeyRingCollection publicKeyRingCollection = new PGPPublicKeyRingCollection(inputStream, new JcaKeyFingerprintCalculator());
    inputStream.close();
    Iterator<PGPPublicKeyRing> iterator = publicKeyRingCollection.getKeyRings();
    PGPPublicKeyRing pgpPublicKeyRing;
    if (iterator.hasNext()) {
        pgpPublicKeyRing = iterator.next();
    } else {
        throw new PGPException("Could not find public keyring in provided key file");
    }
    // Would be the solution for multiple keys in one file
    // Iterator<PGPPublicKey> kIt;
    // kIt = pgpPublicKeyRing.getPublicKeys();
    // publicKey = pgpPublicKeyRing.getPublicKey(0xF5B84436F379A1C6L);
    // Read signature from file
    inputStream = PGPUtil.getDecoderStream(new FileInputStream(sigFile));
    PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(inputStream, new JcaKeyFingerprintCalculator());
    Object o = pgpObjectFactory.nextObject();
    if (o instanceof PGPSignatureList) {
        PGPSignatureList signatureList = (PGPSignatureList) o;
        checkArgument(!signatureList.isEmpty(), "signatureList must not be empty");
        pgpSignature = signatureList.get(0);
    } else if (o instanceof PGPSignature) {
        pgpSignature = (PGPSignature) o;
    } else {
        throw new SignatureException("Could not find signature in provided signature file");
    }
    inputStream.close();
    // log is assumed to be an SLF4J-style logger: it substitutes {} placeholders, not printf conversions such as %X
    log.debug("KeyID used in signature: {}", String.format("%X", pgpSignature.getKeyID()));
    publicKey = pgpPublicKeyRing.getPublicKey(pgpSignature.getKeyID());
    // If signature is not matching the key used for signing we fail
    if (publicKey == null)
        return VerifyStatusEnum.FAIL;
    log.debug("The ID of the selected key is {}", String.format("%X", publicKey.getKeyID()));
    pgpSignature.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
    // Read file to verify
    byte[] data = new byte[1024];
    inputStream = new DataInputStream(new BufferedInputStream(new FileInputStream(dataFile)));
    while (true) {
        bytesRead = inputStream.read(data, 0, 1024);
        if (bytesRead == -1)
            break;
        pgpSignature.update(data, 0, bytesRead);
    }
    inputStream.close();
    // Verify the signature
    result = pgpSignature.verify();
    return result ? VerifyStatusEnum.OK : VerifyStatusEnum.FAIL;
}
Also used : PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) DataInputStream(java.io.DataInputStream) BufferedInputStream(java.io.BufferedInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) PGPSignatureList(org.bouncycastle.openpgp.PGPSignatureList) PGPSignature(org.bouncycastle.openpgp.PGPSignature) SignatureException(java.security.SignatureException) JcaKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator) PGPObjectFactory(org.bouncycastle.openpgp.PGPObjectFactory) PGPException(org.bouncycastle.openpgp.PGPException) PGPPublicKeyRingCollection(org.bouncycastle.openpgp.PGPPublicKeyRingCollection) BcPGPContentVerifierBuilderProvider(org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider)

Example 17 with PGPException

use of org.bouncycastle.openpgp.PGPException in project gradle by gradle.

the class PgpSignatory method createSignatureGenerator.

public PGPSignatureGenerator createSignatureGenerator() {
    try {
        PGPSignatureGenerator generator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA512));
        generator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
        return generator;
    } catch (PGPException e) {
        throw UncheckedException.throwAsUncheckedException(e);
    }
}
Also used : PGPSignatureGenerator(org.bouncycastle.openpgp.PGPSignatureGenerator) PGPException(org.bouncycastle.openpgp.PGPException) BcPGPContentSignerBuilder(org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder)

Example 18 with PGPException

use of org.bouncycastle.openpgp.PGPException in project gerrit by GerritCodeReview.

the class PushCertificateChecker method check.

/**
 * Check a push certificate.
 *
 * @return result of the check.
 */
public final Result check(PushCertificate cert) {
    if (checkNonce && cert.getNonceStatus() != NonceStatus.OK) {
        return new Result(null, CheckResult.bad("Invalid nonce"));
    }
    List<CheckResult> results = new ArrayList<>(2);
    Result sigResult = null;
    try {
        PGPSignature sig = readSignature(cert);
        if (sig != null) {
            @SuppressWarnings("resource") Repository repo = getRepository();
            try (PublicKeyStore store = new PublicKeyStore(repo)) {
                sigResult = checkSignature(sig, cert, store);
                results.add(checkCustom(repo));
            } finally {
                if (shouldClose(repo)) {
                    repo.close();
                }
            }
        } else {
            results.add(CheckResult.bad("Invalid signature format"));
        }
    } catch (PGPException | IOException e) {
        String msg = "Internal error checking push certificate";
        logger.atSevere().withCause(e).log("%s", msg);
        results.add(CheckResult.bad(msg));
    }
    return combine(sigResult, results);
}
Also used : PGPException(org.bouncycastle.openpgp.PGPException) Repository(org.eclipse.jgit.lib.Repository) ArrayList(java.util.ArrayList) PGPSignature(org.bouncycastle.openpgp.PGPSignature) IOException(java.io.IOException) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString)

Example 19 with PGPException

use of org.bouncycastle.openpgp.PGPException in project gerrit by GerritCodeReview.

the class GpgApiAdapterImpl method putGpgKeys.

@Override
public Map<String, GpgKeyInfo> putGpgKeys(AccountResource account, List<String> add, List<String> delete) throws RestApiException, GpgException {
    GpgKeysInput in = new GpgKeysInput();
    in.add = add;
    in.delete = delete;
    try {
        return postGpgKeys.get().apply(account, in).value();
    } catch (PGPException | IOException | ConfigInvalidException e) {
        throw new GpgException(e);
    } catch (Exception e) {
        throw asRestApiException("Cannot put GPG keys", e);
    }
}
Also used : PGPException(org.bouncycastle.openpgp.PGPException) GpgException(com.google.gerrit.server.GpgException) GpgKeysInput(com.google.gerrit.extensions.api.accounts.GpgKeysInput) ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) IOException(java.io.IOException) ApiUtil.asRestApiException(com.google.gerrit.server.api.ApiUtil.asRestApiException) RestApiException(com.google.gerrit.extensions.restapi.RestApiException)

Example 20 with PGPException

use of org.bouncycastle.openpgp.PGPException in project gerrit by GerritCodeReview.

the class PublicKeyChecker method getSigner.

private static PGPPublicKey getSigner(PublicKeyStore store, PGPSignature sig, String userId, PGPPublicKey key, List<CheckResult> results) {
    try {
        PGPPublicKeyRingCollection signers = store.get(sig.getKeyID());
        if (!signers.getKeyRings().hasNext()) {
            results.add(CheckResult.ok("Key " + keyIdToString(sig.getKeyID()) + " used for certification is not in store"));
            return null;
        }
        PGPPublicKey signer = PublicKeyStore.getSigner(signers, sig, userId, key);
        if (signer == null) {
            results.add(CheckResult.ok("Certification by " + keyIdToString(sig.getKeyID()) + " is not valid"));
            return null;
        }
        return signer;
    } catch (PGPException | IOException e) {
        results.add(CheckResult.ok("Error checking certification by " + keyIdToString(sig.getKeyID())));
        return null;
    }
}
Also used : PGPException(org.bouncycastle.openpgp.PGPException) PGPPublicKeyRingCollection(org.bouncycastle.openpgp.PGPPublicKeyRingCollection) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) IOException(java.io.IOException)

Aggregations

PGPException (org.bouncycastle.openpgp.PGPException): 22
IOException (java.io.IOException): 14
InputStream (java.io.InputStream): 7
BcKeyFingerprintCalculator (org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator): 7
PGPPublicKey (org.bouncycastle.openpgp.PGPPublicKey): 6
PGPPublicKeyRing (org.bouncycastle.openpgp.PGPPublicKeyRing): 6
FileInputStream (java.io.FileInputStream): 4
ArrayList (java.util.ArrayList): 4
PGPPublicKeyRingCollection (org.bouncycastle.openpgp.PGPPublicKeyRingCollection): 4
PGPSignature (org.bouncycastle.openpgp.PGPSignature): 4
ByteArrayInputStream (java.io.ByteArrayInputStream): 3
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 3
HashMap (java.util.HashMap): 3
Iterator (java.util.Iterator): 3
PGPEncryptedDataList (org.bouncycastle.openpgp.PGPEncryptedDataList): 3
PGPObjectFactory (org.bouncycastle.openpgp.PGPObjectFactory): 3
PGPPrivateKey (org.bouncycastle.openpgp.PGPPrivateKey): 3
PGPPublicKeyEncryptedData (org.bouncycastle.openpgp.PGPPublicKeyEncryptedData): 3
PGPSecretKeyRingCollection (org.bouncycastle.openpgp.PGPSecretKeyRingCollection): 3
PublicKeyStore.keyIdToString (com.google.gerrit.gpg.PublicKeyStore.keyIdToString): 2