
Example 1 with PGPOnePassSignature

use of org.bouncycastle.openpgp.PGPOnePassSignature in project camel by apache.

Class PGPKeyAccessDataFormat, method getSignature.

/**
 * Picks the one-pass signature that will be used to verify the PGP message.
 *
 * <p>The configured signature verification option is consulted first: with the "ignore"
 * option no signature is selected, and with the "no signature allowed" option the mere
 * presence of a signature list is rejected. Otherwise the list is scanned in order and the
 * first signature for which {@code publicKeyAccessor} returns a public key is initialized
 * with that key and returned; later entries are not examined.
 *
 * <p>NOTE(review): a {@code null} return makes the caller skip {@code signature.update(...)},
 * so the message is processed without a selected signature. The "required" option is only
 * checked in {@code unmarshal} when no one-pass signature list is present at all, so the
 * empty-list {@code null} return below is not covered by that check. Confirm that an empty
 * list cannot occur in practice, or this path is reachable in "required" mode.
 *
 * @param exchange the current exchange, passed on to the user-id and public-key lookups
 * @param signatureList the one-pass signatures found in the PGP message
 * @return the initialized signature to verify against, or {@code null} when verification is
 *         ignored by configuration or the list is empty
 * @throws PGPException if a signature is present although the configuration forbids one
 * @throws IllegalArgumentException if the list is non-empty but no public key was found for
 *         any of its key IDs
 * @throws Exception declared by the method signature; the exceptions thrown by the lookup
 *         helpers are not visible in this block
 */
protected PGPOnePassSignature getSignature(Exchange exchange, PGPOnePassSignatureList signatureList) throws Exception {
    // Configuration says signatures are not to be checked: select nothing.
    if (SIGNATURE_VERIFICATION_OPTION_IGNORE.equals(getSignatureVerificationOption())) {
        return null;
    }
    // Configuration forbids signed messages, and this method is only called with a signature list.
    if (SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED.equals(getSignatureVerificationOption())) {
        throw new PGPException("PGP message contains a signature although a signature is not expected. Either change the configuration of the PGP decryptor or send a PGP message with no signature.");
    }
    List<String> permittedUserIds = determineSignaturenUserIds(exchange);
    for (int idx = 0; idx < signatureList.size(); idx++) {
        PGPOnePassSignature candidate = signatureList.get(idx);
        // Look the verification key up by the key ID carried in the signature packet.
        PGPPublicKey verificationKey = publicKeyAccessor.getPublicKey(exchange, candidate.getKeyID(), permittedUserIds);
        if (verificationKey != null) {
            // First signature with a known public key wins.
            candidate.init(new JcaPGPContentVerifierBuilderProvider().setProvider(getProvider()), verificationKey);
            return candidate;
        }
    }
    // No usable key: signatures were present but none can be verified, so refuse the message.
    if (!signatureList.isEmpty()) {
        throw new IllegalArgumentException("Cannot verify the PGP signature: No public key found for the key ID(s) contained in the PGP signature(s). " + "Either the received PGP message contains a signature from an unexpected sender or the Public Keyring does not contain the public key of the sender.");
    }
    return null;
}
Also used : PGPException(org.bouncycastle.openpgp.PGPException) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) PGPOnePassSignature(org.bouncycastle.openpgp.PGPOnePassSignature) JcaPGPContentVerifierBuilderProvider(org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider)

Example 2 with PGPOnePassSignature

use of org.bouncycastle.openpgp.PGPOnePassSignature in project camel by apache.

Class PGPKeyAccessDataFormat, method unmarshal.

/**
 * Reads a PGP message from {@code encryptedStream}, copies its literal data into an
 * {@code OutputStreamBuilder} created for the exchange and returns what that builder builds.
 *
 * <p>Packet order expected after {@code getDecryptedData}: an optional compressed-data
 * packet, an optional one-pass signature list, then a literal-data packet. Anything else in
 * the literal-data position raises the exception from {@code getFormatException()}.
 *
 * <p>When {@code getSignature} selects a signature, every chunk of literal data is also fed
 * into it and {@code verifySignature} is called after the copy loop.
 *
 * <p>NOTE(review): the literal data is written (and flushed) to the builder before
 * {@code verifySignature} runs. A verification failure prevents {@code osb.build()} from
 * being reached, but confirm that {@code OutputStreamBuilder} does not persist or expose the
 * unverified bytes in the meantime.
 *
 * @param exchange the current exchange
 * @param encryptedStream the PGP message; {@code null} yields a {@code null} result
 * @return the result of {@code osb.build()}, or {@code null} if {@code encryptedStream} is
 *         {@code null}
 * @throws PGPException if no signature is present although the "required" option is set
 * @throws Exception for malformed input and for failures in the decrypt, signature-selection
 *         and verification helpers, whose exact exception types are not visible here
 */
public Object unmarshal(Exchange exchange, InputStream encryptedStream) throws Exception {
    //NOPMD
    if (encryptedStream == null) {
        return null;
    }
    // All streams are declared up front so the finally block can close whichever were opened.
    InputStream in = null;
    InputStream encData = null;
    InputStream uncompressedData = null;
    InputStream litData = null;
    OutputStreamBuilder osb = null;
    try {
        in = PGPUtil.getDecoderStream(encryptedStream);
        // presumably yields the decrypted packet stream; helper is not shown here
        encData = getDecryptedData(exchange, in);
        PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
        Object object = pgpFactory.nextObject();
        if (object instanceof PGPCompressedData) {
            // Compressed payload: continue parsing from a new factory over the inner stream.
            PGPCompressedData comData = (PGPCompressedData) object;
            uncompressedData = comData.getDataStream();
            pgpFactory = new PGPObjectFactory(uncompressedData, new BcKeyFingerprintCalculator());
            object = pgpFactory.nextObject();
        } else {
            LOG.debug("PGP Message does not contain a Compressed Data Packet");
        }
        PGPOnePassSignature signature;
        if (object instanceof PGPOnePassSignatureList) {
            // May return null (e.g. "ignore" option); the "required" option is not re-checked on this branch.
            signature = getSignature(exchange, (PGPOnePassSignatureList) object);
            object = pgpFactory.nextObject();
        } else {
            // no signature contained in PGP message
            signature = null;
            // Unsigned message while a signature is mandatory: reject before reading any payload.
            if (SIGNATURE_VERIFICATION_OPTION_REQUIRED.equals(getSignatureVerificationOption())) {
                throw new PGPException("PGP message does not contain any signatures although a signature is expected. Either send a PGP message with signature or change the configuration of the PGP decryptor.");
            }
        }
        PGPLiteralData ld;
        if (object instanceof PGPLiteralData) {
            ld = (PGPLiteralData) object;
        } else {
            throw getFormatException();
        }
        litData = ld.getInputStream();
        osb = OutputStreamBuilder.withExchange(exchange);
        byte[] buffer = new byte[BUFFER_SIZE];
        int bytesRead;
        // Single pass over the payload: each chunk goes to the output and, if selected, to the signature.
        while ((bytesRead = litData.read(buffer)) != -1) {
            osb.write(buffer, 0, bytesRead);
            if (signature != null) {
                signature.update(buffer, 0, bytesRead);
            }
            osb.flush();
        }
        // Called even when signature is null; how verifySignature treats null is not visible here.
        verifySignature(pgpFactory, signature);
    } finally {
        IOHelper.close(osb, litData, uncompressedData, encData, in, encryptedStream);
    }
    // Reached only if no exception was thrown above; osb has already been passed to IOHelper.close.
    return osb.build();
}
Also used : PGPException(org.bouncycastle.openpgp.PGPException) PGPOnePassSignatureList(org.bouncycastle.openpgp.PGPOnePassSignatureList) PGPLiteralData(org.bouncycastle.openpgp.PGPLiteralData) InputStream(java.io.InputStream) BcKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator) PGPOnePassSignature(org.bouncycastle.openpgp.PGPOnePassSignature) OutputStreamBuilder(org.apache.camel.converter.stream.OutputStreamBuilder) PGPObjectFactory(org.bouncycastle.openpgp.PGPObjectFactory) PGPCompressedData(org.bouncycastle.openpgp.PGPCompressedData)
