PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-12-12 23:31:08 +01:00
Code Issues Releases Wiki Activity

Kotlin conversion: Cleartext Signature Framework

Browse source
This commit is contained in:
Paul Schaub 2023-08-30 15:59:25 +02:00
parent 8d67820f50
commit 48af91efbf
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
10 changed files with 297 additions and 337 deletions
Download patch file Download diff file Expand all files Collapse all files

169
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/cleartext_signatures/ClearsignedMessageUtil.java
View file

@ -1,169 +0,0 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.decryption_verification.cleartext_signatures;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import org.bouncycastle.bcpg.ArmoredInputStream;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.util.Strings;
import org.pgpainless.exception.WrongConsumingMethodException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.util.ArmoredInputStreamFactory;
/**
* Utility class to deal with cleartext-signed messages.
* Based on Bouncycastle's {@link org.bouncycastle.openpgp.examples.ClearSignedFileProcessor}.
*/
public final class ClearsignedMessageUtil {
private ClearsignedMessageUtil() {
}
/**
* Dearmor a clearsigned message, detach the inband signatures and write the plaintext message to the provided
* messageOutputStream.
*
* @param clearsignedInputStream input stream containing a clearsigned message
* @param messageOutputStream output stream to which the dearmored message shall be written
* @return signatures
*
* @throws IOException if the message is not clearsigned or some other IO error happens
* @throws WrongConsumingMethodException in case the armored message is not cleartext signed
*/
public static PGPSignatureList detachSignaturesFromInbandClearsignedMessage(InputStream clearsignedInputStream,
OutputStream messageOutputStream)
throws IOException, WrongConsumingMethodException {
ArmoredInputStream in;
if (clearsignedInputStream instanceof ArmoredInputStream) {
in = (ArmoredInputStream) clearsignedInputStream;
} else {
in = ArmoredInputStreamFactory.get(clearsignedInputStream);
}
if (!in.isClearText()) {
throw new WrongConsumingMethodException("Message is not using the Cleartext Signature Framework.");
}
OutputStream out = new BufferedOutputStream(messageOutputStream);
try {
ByteArrayOutputStream lineOut = new ByteArrayOutputStream();
int lookAhead = readInputLine(lineOut, in);
byte[] lineSep = getLineSeparator();
if (lookAhead != -1 && in.isClearText()) {
byte[] line = lineOut.toByteArray();
out.write(line, 0, getLengthWithoutSeparatorOrTrailingWhitespace(line));
while (lookAhead != -1 && in.isClearText()) {
lookAhead = readInputLine(lineOut, lookAhead, in);
line = lineOut.toByteArray();
out.write(lineSep);
out.write(line, 0, getLengthWithoutSeparatorOrTrailingWhitespace(line));
}
} else {
if (lookAhead != -1) {
byte[] line = lineOut.toByteArray();
out.write(line, 0, getLengthWithoutSeparatorOrTrailingWhitespace(line));
}
}
} finally {
out.close();
}
PGPObjectFactory objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(in);
PGPSignatureList signatures = (PGPSignatureList) objectFactory.nextObject();
return signatures;
}
public static int readInputLine(ByteArrayOutputStream bOut, InputStream fIn)
throws IOException {
bOut.reset();
int lookAhead = -1;
int ch;
while ((ch = fIn.read()) >= 0) {
bOut.write(ch);
if (ch == '\r' || ch == '\n') {
lookAhead = readPassedEOL(bOut, ch, fIn);
break;
}
}
return lookAhead;
}
public static int readInputLine(ByteArrayOutputStream bOut, int lookAhead, InputStream fIn)
throws IOException {
bOut.reset();
int ch = lookAhead;
do {
bOut.write(ch);
if (ch == '\r' || ch == '\n') {
lookAhead = readPassedEOL(bOut, ch, fIn);
break;
}
}
while ((ch = fIn.read()) >= 0);
if (ch < 0) {
lookAhead = -1;
}
return lookAhead;
}
private static int readPassedEOL(ByteArrayOutputStream bOut, int lastCh, InputStream fIn)
throws IOException {
int lookAhead = fIn.read();
if (lastCh == '\r' && lookAhead == '\n') {
bOut.write(lookAhead);
lookAhead = fIn.read();
}
return lookAhead;
}
private static byte[] getLineSeparator() {
String nl = Strings.lineSeparator();
byte[] nlBytes = new byte[nl.length()];
for (int i = 0; i != nlBytes.length; i++) {
nlBytes[i] = (byte) nl.charAt(i);
}
return nlBytes;
}
private static int getLengthWithoutSeparatorOrTrailingWhitespace(byte[] line) {
int end = line.length - 1;
while (end >= 0 && isWhiteSpace(line[end])) {
end--;
}
return end + 1;
}
private static boolean isLineEnding(byte b) {
return b == '\r' || b == '\n';
}
private static boolean isWhiteSpace(byte b) {
return isLineEnding(b) || b == '\t' || b == ' ';
}
}

35
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/cleartext_signatures/InMemoryMultiPassStrategy.java
View file

@ -1,35 +0,0 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.decryption_verification.cleartext_signatures;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
/**
* Implementation of the {@link MultiPassStrategy}.
* This class keeps the read data in memory by caching the data inside a {@link ByteArrayOutputStream}.
*
* Note, that this class is suitable and efficient for processing small amounts of data.
* For larger data like encrypted files, use of the {@link WriteToFileMultiPassStrategy} is recommended to
* prevent {@link OutOfMemoryError OutOfMemoryErrors} and other issues.
*/
public class InMemoryMultiPassStrategy implements MultiPassStrategy {
private final ByteArrayOutputStream cache = new ByteArrayOutputStream();
@Override
public ByteArrayOutputStream getMessageOutputStream() {
return cache;
}
@Override
public ByteArrayInputStream getMessageInputStream() {
return new ByteArrayInputStream(getBytes());
}
public byte[] getBytes() {
return getMessageOutputStream().toByteArray();
}
}

70
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/cleartext_signatures/MultiPassStrategy.java
View file

@ -1,70 +0,0 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.decryption_verification.cleartext_signatures;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* Since for verification of cleartext signed messages, we need to read the whole data twice in order to verify signatures,
* a strategy for how to cache the read data is required.
* Otherwise, large data kept in memory could cause {@link OutOfMemoryError OutOfMemoryErrors} or other issues.
*
* This is an Interface that describes a strategy to deal with the fact that detached signatures require multiple passes
* to do verification.
*
* This interface can be used to write the signed data stream out via {@link #getMessageOutputStream()} and later
* get access to the data again via {@link #getMessageInputStream()}.
* Thereby the detail where the data is being stored (memory, file, etc.) can be abstracted away.
*/
public interface MultiPassStrategy {
/**
* Provide an {@link OutputStream} into which the signed data can be read into.
*
* @return output stream
* @throws IOException io error
*/
OutputStream getMessageOutputStream() throws IOException;
/**
* Provide an {@link InputStream} which contains the data that was previously written away in
* {@link #getMessageOutputStream()}.
*
* As there may be multiple signatures that need to be processed, each call of this method MUST return
* a new {@link InputStream}.
*
* @return input stream
* @throws IOException io error
*/
InputStream getMessageInputStream() throws IOException;
/**
* Write the message content out to a file and re-read it to verify signatures.
* This strategy is best suited for larger messages (e.g. plaintext signed files) which might not fit into memory.
* After the message has been processed completely, the messages content are available at the provided file.
*
* @param file target file
* @return strategy
*/
static MultiPassStrategy writeMessageToFile(File file) {
return new WriteToFileMultiPassStrategy(file);
}
/**
* Read the message content into memory.
* This strategy is best suited for small messages which fit into memory.
* After the message has been processed completely, the message content can be accessed by calling
* {@link ByteArrayOutputStream#toByteArray()} on {@link #getMessageOutputStream()}.
*
* @return strategy
*/
static InMemoryMultiPassStrategy keepMessageInMemory() {
return new InMemoryMultiPassStrategy();
}
}

54
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/cleartext_signatures/WriteToFileMultiPassStrategy.java
View file

@ -1,54 +0,0 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.decryption_verification.cleartext_signatures;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* Implementation of the {@link MultiPassStrategy}.
* When processing signed data the first time, the data is being written out into a file.
* For the second pass, that file is being read again.
*
* This strategy is recommended when larger amounts of data need to be processed.
* For smaller files, {@link InMemoryMultiPassStrategy} yields higher efficiency.
*/
public class WriteToFileMultiPassStrategy implements MultiPassStrategy {
private final File file;
/**
* Create a {@link MultiPassStrategy} which writes data to a file.
* Note that {@link #getMessageOutputStream()} will create the file if necessary.
*
* @param file file to write the data to and read from
*/
public WriteToFileMultiPassStrategy(File file) {
this.file = file;
}
@Override
public OutputStream getMessageOutputStream() throws IOException {
if (!file.exists()) {
boolean created = file.createNewFile();
if (!created) {
throw new IOException("New file '" + file.getAbsolutePath() + "' was not created.");
}
}
return new FileOutputStream(file);
}
@Override
public InputStream getMessageInputStream() throws IOException {
if (!file.exists()) {
throw new IOException("File '" + file.getAbsolutePath() + "' does no longer exist.");
}
return new FileInputStream(file);
}
}

8
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/cleartext_signatures/package-info.java
View file

@ -1,8 +0,0 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
/**
* Classes related to cleartext signature verification.
*/
package org.pgpainless.decryption_verification.cleartext_signatures;