Search in sources :

Example 1 with PGPOnePassSignatureList

use of org.bouncycastle.openpgp.PGPOnePassSignatureList in project camel by apache.

the class PGPKeyAccessDataFormat method unmarshal.

public Object unmarshal(Exchange exchange, InputStream encryptedStream) throws Exception {
    //NOPMD
    if (encryptedStream == null) {
        return null;
    }
    InputStream in = null;
    InputStream encData = null;
    InputStream uncompressedData = null;
    InputStream litData = null;
    OutputStreamBuilder osb = null;
    try {
        in = PGPUtil.getDecoderStream(encryptedStream);
        encData = getDecryptedData(exchange, in);
        PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
        Object object = pgpFactory.nextObject();
        if (object instanceof PGPCompressedData) {
            PGPCompressedData comData = (PGPCompressedData) object;
            uncompressedData = comData.getDataStream();
            pgpFactory = new PGPObjectFactory(uncompressedData, new BcKeyFingerprintCalculator());
            object = pgpFactory.nextObject();
        } else {
            LOG.debug("PGP Message does not contain a Compressed Data Packet");
        }
        PGPOnePassSignature signature;
        if (object instanceof PGPOnePassSignatureList) {
            signature = getSignature(exchange, (PGPOnePassSignatureList) object);
            object = pgpFactory.nextObject();
        } else {
            // no signature contained in PGP message
            signature = null;
            if (SIGNATURE_VERIFICATION_OPTION_REQUIRED.equals(getSignatureVerificationOption())) {
                throw new PGPException("PGP message does not contain any signatures although a signature is expected. Either send a PGP message with signature or change the configuration of the PGP decryptor.");
            }
        }
        PGPLiteralData ld;
        if (object instanceof PGPLiteralData) {
            ld = (PGPLiteralData) object;
        } else {
            throw getFormatException();
        }
        litData = ld.getInputStream();
        osb = OutputStreamBuilder.withExchange(exchange);
        byte[] buffer = new byte[BUFFER_SIZE];
        int bytesRead;
        while ((bytesRead = litData.read(buffer)) != -1) {
            osb.write(buffer, 0, bytesRead);
            if (signature != null) {
                signature.update(buffer, 0, bytesRead);
            }
            osb.flush();
        }
        verifySignature(pgpFactory, signature);
    } finally {
        IOHelper.close(osb, litData, uncompressedData, encData, in, encryptedStream);
    }
    return osb.build();
}
Also used : PGPException(org.bouncycastle.openpgp.PGPException) PGPOnePassSignatureList(org.bouncycastle.openpgp.PGPOnePassSignatureList) PGPLiteralData(org.bouncycastle.openpgp.PGPLiteralData) InputStream(java.io.InputStream) BcKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator) PGPOnePassSignature(org.bouncycastle.openpgp.PGPOnePassSignature) OutputStreamBuilder(org.apache.camel.converter.stream.OutputStreamBuilder) PGPObjectFactory(org.bouncycastle.openpgp.PGPObjectFactory) PGPCompressedData(org.bouncycastle.openpgp.PGPCompressedData)

Example 2 with PGPOnePassSignatureList

use of org.bouncycastle.openpgp.PGPOnePassSignatureList in project incubator-gobblin by apache.

the class GPGFileDecryptor method decryptFile.

/**
 * Taking in a file inputstream, keyring inputstream and a passPhrase, generate a decrypted file inputstream.
 * @param inputStream file inputstream
 * @param keyIn keyring inputstream
 * @param passPhrase passPhrase
 * @return
 * @throws IOException
 */
@SneakyThrows(PGPException.class)
public InputStream decryptFile(InputStream inputStream, InputStream keyIn, String passPhrase) throws IOException {
    PGPEncryptedDataList enc = getPGPEncryptedDataList(inputStream);
    Iterator it = enc.getEncryptedDataObjects();
    PGPPrivateKey sKey = null;
    PGPPublicKeyEncryptedData pbe = null;
    PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyIn), new BcKeyFingerprintCalculator());
    while (sKey == null && it.hasNext()) {
        pbe = (PGPPublicKeyEncryptedData) it.next();
        sKey = findSecretKey(pgpSec, pbe.getKeyID(), passPhrase);
    }
    if (sKey == null) {
        throw new IllegalArgumentException("secret key for message not found.");
    }
    ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
    try (InputStream clear = pbe.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(sKey))) {
        JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory(clear);
        Object pgpfObject = pgpFact.nextObject();
        while (pgpfObject != null) {
            if (pgpfObject instanceof PGPCompressedData) {
                PGPCompressedData cData = (PGPCompressedData) pgpfObject;
                pgpFact = new JcaPGPObjectFactory(cData.getDataStream());
                pgpfObject = pgpFact.nextObject();
            }
            if (pgpfObject instanceof PGPLiteralData) {
                Streams.pipeAll(((PGPLiteralData) pgpfObject).getInputStream(), outputStream);
            } else if (pgpfObject instanceof PGPOnePassSignatureList) {
                throw new PGPException("encrypted message contains PGPOnePassSignatureList message - not literal data.");
            } else if (pgpfObject instanceof PGPSignatureList) {
                throw new PGPException("encrypted message contains PGPSignatureList message - not literal data.");
            } else {
                throw new PGPException("message is not a simple encrypted file - type unknown.");
            }
            pgpfObject = pgpFact.nextObject();
        }
        return new ByteArrayInputStream(outputStream.toByteArray());
    } finally {
        outputStream.close();
    }
}
Also used : PGPOnePassSignatureList(org.bouncycastle.openpgp.PGPOnePassSignatureList) PGPLiteralData(org.bouncycastle.openpgp.PGPLiteralData) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) JcePublicKeyDataDecryptorFactoryBuilder(org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder) PGPEncryptedDataList(org.bouncycastle.openpgp.PGPEncryptedDataList) PGPSignatureList(org.bouncycastle.openpgp.PGPSignatureList) ByteArrayOutputStream(java.io.ByteArrayOutputStream) PGPCompressedData(org.bouncycastle.openpgp.PGPCompressedData) PGPException(org.bouncycastle.openpgp.PGPException) ByteArrayInputStream(java.io.ByteArrayInputStream) Iterator(java.util.Iterator) PGPSecretKeyRingCollection(org.bouncycastle.openpgp.PGPSecretKeyRingCollection) BcKeyFingerprintCalculator(org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator) PGPPublicKeyEncryptedData(org.bouncycastle.openpgp.PGPPublicKeyEncryptedData) PGPPrivateKey(org.bouncycastle.openpgp.PGPPrivateKey) JcaPGPObjectFactory(org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory) SneakyThrows(lombok.SneakyThrows)

Aggregations

InputStream (java.io.InputStream)2 PGPCompressedData (org.bouncycastle.openpgp.PGPCompressedData)2 PGPException (org.bouncycastle.openpgp.PGPException)2 PGPLiteralData (org.bouncycastle.openpgp.PGPLiteralData)2 PGPOnePassSignatureList (org.bouncycastle.openpgp.PGPOnePassSignatureList)2 BcKeyFingerprintCalculator (org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 Iterator (java.util.Iterator)1 SneakyThrows (lombok.SneakyThrows)1 OutputStreamBuilder (org.apache.camel.converter.stream.OutputStreamBuilder)1 PGPEncryptedDataList (org.bouncycastle.openpgp.PGPEncryptedDataList)1 PGPObjectFactory (org.bouncycastle.openpgp.PGPObjectFactory)1 PGPOnePassSignature (org.bouncycastle.openpgp.PGPOnePassSignature)1 PGPPrivateKey (org.bouncycastle.openpgp.PGPPrivateKey)1 PGPPublicKeyEncryptedData (org.bouncycastle.openpgp.PGPPublicKeyEncryptedData)1 PGPSecretKeyRingCollection (org.bouncycastle.openpgp.PGPSecretKeyRingCollection)1 PGPSignatureList (org.bouncycastle.openpgp.PGPSignatureList)1 JcaPGPObjectFactory (org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory)1 JcePublicKeyDataDecryptorFactoryBuilder (org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder)1