PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-12-10 14:21:09 +01:00
Code Issues Releases Wiki Activity

Merge branch 'decryptionAPI2'

Browse source
This commit is contained in:
Paul Schaub 2021-06-26 18:36:04 +02:00
commit 715ae707ed
48 changed files with 770 additions and 1641 deletions
Download patch file Download diff file Expand all files Collapse all files

262
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java Normal file
View file

@ -0,0 +1,262 @@
/*
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.decryption_verification;
import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.exception.NotYetImplementedException;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.signature.SignatureUtils;
import org.pgpainless.util.Passphrase;
/**
* Options for decryption and signature verification.
*/
public class ConsumerOptions {
private Date verifyNotBefore;
private Date verifyNotAfter;
// Set of verification keys
private final Set<PGPPublicKeyRing> certificates = new HashSet<>();
private final Set<PGPSignature> detachedSignatures = new HashSet<>();
private MissingPublicKeyCallback missingCertificateCallback = null;
// Session key for decryption without passphrase/key
private byte[] sessionKey = null;
private final Map<PGPSecretKeyRing, SecretKeyRingProtector> decryptionKeys = new HashMap<>();
private final Set<Passphrase> decryptionPassphrases = new HashSet<>();
/**
* Consider signatures made before the given timestamp invalid.
*
* Note: This method does not have any effect yet.
* TODO: Add support for custom signature validity date ranges
*
* @param timestamp timestamp
* @return options
*/
public ConsumerOptions verifyNotBefore(Date timestamp) {
this.verifyNotBefore = timestamp;
throw new NotYetImplementedException();
// return this;
}
public Date getVerifyNotBefore() {
return verifyNotBefore;
}
/**
* Consider signatures made after the given timestamp invalid.
*
* Note: This method does not have any effect yet.
* TODO: Add support for custom signature validity date ranges
*
* @param timestamp timestamp
* @return options
*/
public ConsumerOptions verifyNotAfter(Date timestamp) {
this.verifyNotAfter = timestamp;
throw new NotYetImplementedException();
// return this;
}
public Date getVerifyNotAfter() {
return verifyNotAfter;
}
/**
* Add a certificate (public key ring) for signature verification.
*
* @param verificationCert certificate for signature verification
* @return options
*/
public ConsumerOptions addVerificationCert(PGPPublicKeyRing verificationCert) {
this.certificates.add(verificationCert);
return this;
}
/**
* Add a set of certificates (public key rings) for signature verification.
*
* @param verificationCerts certificates for signature verification
* @return options
*/
public ConsumerOptions addVerificationCerts(PGPPublicKeyRingCollection verificationCerts) {
for (PGPPublicKeyRing certificate : verificationCerts) {
addVerificationCert(certificate);
}
return this;
}
public ConsumerOptions addVerificationOfDetachedSignatures(InputStream signatureInputStream) throws IOException, PGPException {
List<PGPSignature> signatures = SignatureUtils.readSignatures(signatureInputStream);
return addVerificationOfDetachedSignatures(signatures);
}
public ConsumerOptions addVerificationOfDetachedSignatures(List<PGPSignature> detachedSignatures) {
for (PGPSignature signature : detachedSignatures) {
addVerificationOfDetachedSignature(signature);
}
return this;
}
/**
* Add a detached signature for the signature verification process.
*
* @param detachedSignature detached signature
* @return options
*/
public ConsumerOptions addVerificationOfDetachedSignature(PGPSignature detachedSignature) {
detachedSignatures.add(detachedSignature);
return this;
}
/**
* Set a callback that's used when a certificate (public key) is missing for signature verification.
*
* @param callback callback
* @return options
*/
public ConsumerOptions setMissingCertificateCallback(MissingPublicKeyCallback callback) {
this.missingCertificateCallback = callback;
return this;
}
/**
* Attempt decryption using a session key.
*
* Note: PGPainless does not yet support decryption with session keys.
* TODO: Add support for decryption using session key.
*
* @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-2.1">RFC4880 on Session Keys</a>
*
* @param sessionKey session key
* @return options
*/
public ConsumerOptions setSessionKey(@Nonnull byte[] sessionKey) {
this.sessionKey = sessionKey;
throw new NotYetImplementedException();
// return this;
}
/**
* Return the session key.
*
* @return session key or null
*/
public @Nullable byte[] getSessionKey() {
if (sessionKey == null) {
return null;
}
byte[] sk = new byte[sessionKey.length];
System.arraycopy(sessionKey, 0, sk, 0, sessionKey.length);
return sk;
}
/**
* Add a key for message decryption.
* The key is expected to be unencrypted.
*
* @param key unencrypted key
* @return options
*/
public ConsumerOptions addDecryptionKey(@Nonnull PGPSecretKeyRing key) {
return addDecryptionKey(key, SecretKeyRingProtector.unprotectedKeys());
}
/**
* Add a key for message decryption. If the key is encrypted, the {@link SecretKeyRingProtector} is used to decrypt it
* when needed.
*
* @param key key
* @param keyRingProtector protector for the secret key
* @return options
*/
public ConsumerOptions addDecryptionKey(@Nonnull PGPSecretKeyRing key, @Nonnull SecretKeyRingProtector keyRingProtector) {
decryptionKeys.put(key, keyRingProtector);
return this;
}
/**
* Add the keys in the provided key collection for message decryption.
*
* @param keys key collection
* @param keyRingProtector protector for encrypted secret keys
* @return options
*/
public ConsumerOptions addDecryptionKeys(@Nonnull PGPSecretKeyRingCollection keys, @Nonnull SecretKeyRingProtector keyRingProtector) {
for (PGPSecretKeyRing key : keys) {
addDecryptionKey(key, keyRingProtector);
}
return this;
}
/**
* Add a passphrase for message decryption.
*
* @param passphrase passphrase
* @return options
*/
public ConsumerOptions addDecryptionPassphrase(@Nonnull Passphrase passphrase) {
decryptionPassphrases.add(passphrase);
return this;
}
public @Nonnull Set<PGPSecretKeyRing> getDecryptionKeys() {
return Collections.unmodifiableSet(decryptionKeys.keySet());
}
public @Nonnull Set<Passphrase> getDecryptionPassphrases() {
return Collections.unmodifiableSet(decryptionPassphrases);
}
public @Nonnull Set<PGPPublicKeyRing> getCertificates() {
return Collections.unmodifiableSet(certificates);
}
public @Nullable MissingPublicKeyCallback getMissingCertificateCallback() {
return missingCertificateCallback;
}
public @Nullable SecretKeyRingProtector getSecretKeyProtector(PGPSecretKeyRing decryptionKeyRing) {
return decryptionKeys.get(decryptionKeyRing);
}
public @Nonnull Set<PGPSignature> getDetachedSignatures() {
return Collections.unmodifiableSet(detachedSignatures);
}
}

32
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilder.java
View file

@ -63,6 +63,15 @@ public class DecryptionBuilder implements DecryptionBuilderInterface {
class DecryptWithImpl implements DecryptWith {
@Override
public DecryptionStream withOptions(ConsumerOptions consumerOptions) throws PGPException, IOException {
if (consumerOptions == null) {
throw new IllegalArgumentException("Consumer options cannot be null.");
}
return DecryptionStreamFactory.create(inputStream, consumerOptions);
}
@Override
public Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRingCollection secretKeyRings) {
DecryptionBuilder.this.decryptionKeys = secretKeyRings;
@ -219,8 +228,27 @@ public class DecryptionBuilder implements DecryptionBuilderInterface {
@Override
public DecryptionStream build() throws IOException, PGPException {
return DecryptionStreamFactory.create(inputStream, decryptionKeys, decryptionKeyDecryptor,
decryptionPassphrase, detachedSignatures, verificationKeys, missingPublicKeyCallback);
ConsumerOptions options = new ConsumerOptions();
for (PGPSecretKeyRing decryptionKey : (decryptionKeys != null ? decryptionKeys : Collections.<PGPSecretKeyRing>emptyList())) {
options.addDecryptionKey(decryptionKey, decryptionKeyDecryptor);
}
for (PGPPublicKeyRing certificate : (verificationKeys != null ? verificationKeys : Collections.<PGPPublicKeyRing>emptyList())) {
options.addVerificationCert(certificate);
}
for (PGPSignature detachedSignature : (detachedSignatures != null ? detachedSignatures : Collections.<PGPSignature>emptyList())) {
options.addVerificationOfDetachedSignature(detachedSignature);
}
options.setMissingCertificateCallback(missingPublicKeyCallback);
if (decryptionPassphrase != null) {
options.addDecryptionPassphrase(decryptionPassphrase);
}
return DecryptionStreamFactory.create(inputStream, options);
}
}
}

90
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilderInterface.java
View file

@ -46,6 +46,16 @@ public interface DecryptionBuilderInterface {
interface DecryptWith {
/**
* Add options for decryption / signature verification, such as keys, passphrases etc.
*
* @param consumerOptions consumer options
* @return decryption stream
* @throws PGPException in case of an OpenPGP related error
* @throws IOException in case of an IO error
*/
DecryptionStream withOptions(ConsumerOptions consumerOptions) throws PGPException, IOException;
/**
* Decrypt the encrypted data using the secret keys found in the provided {@link PGPSecretKeyRingCollection}.
* Here it is assumed that the secret keys are not password protected.
@ -54,7 +64,11 @@ public interface DecryptionBuilderInterface {
*
* @param secretKeyRings secret keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addDecryptionKey(PGPSecretKeyRing, SecretKeyRingProtector)}
* ({@link #withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default Verify decryptWith(@Nonnull PGPSecretKeyRingCollection secretKeyRings) {
return decryptWith(new UnprotectedKeysProtector(), secretKeyRings);
}
@ -66,7 +80,11 @@ public interface DecryptionBuilderInterface {
* @param decryptor for unlocking locked secret keys
* @param secretKeyRings secret keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addDecryptionKey(PGPSecretKeyRing, SecretKeyRingProtector)}
* ({@link #withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRingCollection secretKeyRings);
/**
@ -76,8 +94,13 @@ public interface DecryptionBuilderInterface {
* @param decryptor for unlocking locked secret key
* @param secretKeyRing secret key
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addDecryptionKey(PGPSecretKeyRing, SecretKeyRingProtector)}
* ({@link #withOptions(ConsumerOptions)}) instead.
*/
Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRing secretKeyRing) throws PGPException, IOException;
@Deprecated
Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRing secretKeyRing)
throws PGPException, IOException;
/**
* Decrypt the encrypted data using a passphrase.
@ -85,7 +108,11 @@ public interface DecryptionBuilderInterface {
*
* @param passphrase passphrase
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addDecryptionPassphrase(Passphrase)}
* ({@link #withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
Verify decryptWith(@Nonnull Passphrase passphrase);
/**
@ -93,32 +120,41 @@ public interface DecryptionBuilderInterface {
* Useful for signature verification of signed-only data.
*
* @return api handle
*
* @deprecated use {@link #withOptions(ConsumerOptions)} instead and set no decryption keys.
*/
@Deprecated
Verify doNotDecrypt();
}
@Deprecated
interface Verify extends VerifyWith {
@Override
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRings);
@Override
@Deprecated
default HandleMissingPublicKeys verifyWith(@Nonnull OpenPgpV4Fingerprint trustedFingerprint,
@Nonnull PGPPublicKeyRingCollection publicKeyRings) {
return verifyWith(Collections.singleton(trustedFingerprint), publicKeyRings);
}
@Override
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull Set<OpenPgpV4Fingerprint> trustedFingerprints,
@Nonnull PGPPublicKeyRingCollection publicKeyRings);
@Override
@Deprecated
default HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRing publicKeyRing) {
return verifyWith(Collections.singleton(publicKeyRing));
}
@Override
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull Set<PGPPublicKeyRing> publicKeyRings);
/**
@ -128,7 +164,11 @@ public interface DecryptionBuilderInterface {
* @return api handle
* @throws IOException if some IO error occurs
* @throws PGPException if the detached signatures are malformed
*
* @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default VerifyWith verifyDetachedSignature(@Nonnull byte[] bytes) throws IOException, PGPException {
return verifyDetachedSignature(new ByteArrayInputStream(bytes));
}
@ -140,7 +180,11 @@ public interface DecryptionBuilderInterface {
* @return api handle
* @throws IOException in case something is wrong with the input stream
* @throws PGPException if the detached signatures are malformed
*
* @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
VerifyWith verifyDetachedSignature(@Nonnull InputStream inputStream) throws IOException, PGPException;
/**
@ -148,7 +192,11 @@ public interface DecryptionBuilderInterface {
*
* @param signature detached signature
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default VerifyWith verifyDetachedSignature(@Nonnull PGPSignature signature) {
return verifyDetachedSignatures(Collections.singletonList(signature));
}
@ -158,17 +206,25 @@ public interface DecryptionBuilderInterface {
*
* @param signatures detached signatures
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
VerifyWith verifyDetachedSignatures(@Nonnull List<PGPSignature> signatures);
/**
* Instruct the {@link DecryptionStream} to not verify any signatures.
*
* @return api handle
*
* @deprecated use {@link DecryptWith#withOptions(ConsumerOptions)} instead and don't set verification keys.
*/
@Deprecated
Build doNotVerify();
}
@Deprecated
interface VerifyWith {
/**
@ -176,7 +232,11 @@ public interface DecryptionBuilderInterface {
*
* @param publicKeyRings public keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationCerts(PGPPublicKeyRingCollection)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRings);
/**
@ -186,7 +246,10 @@ public interface DecryptionBuilderInterface {
* @param trustedFingerprint {@link OpenPgpV4Fingerprint} of the public key that shall be used to verify the signatures.
* @param publicKeyRings public keys
* @return api handle
* @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default HandleMissingPublicKeys verifyWith(@Nonnull OpenPgpV4Fingerprint trustedFingerprint,
@Nonnull PGPPublicKeyRingCollection publicKeyRings) {
return verifyWith(Collections.singleton(trustedFingerprint), publicKeyRings);
@ -199,7 +262,11 @@ public interface DecryptionBuilderInterface {
* @param trustedFingerprints set of trusted {@link OpenPgpV4Fingerprint OpenPgpV4Fingerprints}.
* @param publicKeyRings public keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull Set<OpenPgpV4Fingerprint> trustedFingerprints,
@Nonnull PGPPublicKeyRingCollection publicKeyRings);
@ -208,7 +275,11 @@ public interface DecryptionBuilderInterface {
*
* @param publicKeyRing public key
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRing publicKeyRing) {
return verifyWith(Collections.singleton(publicKeyRing));
}
@ -218,11 +289,16 @@ public interface DecryptionBuilderInterface {
*
* @param publicKeyRings public keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull Set<PGPPublicKeyRing> publicKeyRings);
}
@Deprecated
interface HandleMissingPublicKeys {
/**
@ -230,17 +306,26 @@ public interface DecryptionBuilderInterface {
*
* @param callback callback
* @return api handle
*
* @deprecated use {@link ConsumerOptions#setMissingCertificateCallback(MissingPublicKeyCallback)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
Build handleMissingPublicKeysWith(@Nonnull MissingPublicKeyCallback callback);
/**
* Instruct the {@link DecryptionStream} to ignore any missing public keys.
*
* @return api handle
*
* @deprecated simply do not set a {@link MissingPublicKeyCallback} and use
* {@link DecryptWith#withOptions(ConsumerOptions)} instead.
*/
@Deprecated
Build ignoreMissingPublicKeys();
}
@Deprecated
interface Build {
/**
@ -250,7 +335,10 @@ public interface DecryptionBuilderInterface {
* @throws IOException in case of an I/O error
* @throws PGPException if something is malformed
* @throws org.pgpainless.exception.UnacceptableAlgorithmException if the message uses weak/unacceptable algorithms
*
* @deprecated use {@link DecryptWith#withOptions(ConsumerOptions)} instead.
*/
@Deprecated
DecryptionStream build() throws IOException, PGPException;
}

155
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
View file

@ -15,20 +15,17 @@
*/
package org.pgpainless.decryption_verification;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedData;
@ -45,7 +42,6 @@ import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
@ -54,15 +50,17 @@ import org.bouncycastle.openpgp.operator.PGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.EncryptionPurpose;
import org.pgpainless.algorithm.StreamEncoding;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.exception.MessageNotIntegrityProtectedException;
import org.pgpainless.exception.MissingDecryptionMethodException;
import org.pgpainless.exception.MissingLiteralDataException;
import org.pgpainless.exception.UnacceptableAlgorithmException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.UnlockSecretKey;
import org.pgpainless.signature.DetachedSignature;
import org.pgpainless.signature.OnePassSignature;
@ -75,11 +73,7 @@ public final class DecryptionStreamFactory {
private static final Level LEVEL = Level.FINE;
private static final int MAX_RECURSION_DEPTH = 16;
private final PGPSecretKeyRingCollection decryptionKeys;
private final SecretKeyRingProtector decryptionKeyDecryptor;
private final Passphrase decryptionPassphrase;
private final Set<PGPPublicKeyRing> verificationKeys = new HashSet<>();
private final MissingPublicKeyCallback missingPublicKeyCallback;
private final ConsumerOptions options;
private final OpenPgpMetadata.Builder resultBuilder = OpenPgpMetadata.getBuilder();
private static final PGPContentVerifierBuilderProvider verifierBuilderProvider = ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider();
@ -87,48 +81,42 @@ public final class DecryptionStreamFactory {
private final Map<OpenPgpV4Fingerprint, OnePassSignature> verifiableOnePassSignatures = new HashMap<>();
private final List<IntegrityProtectedInputStream> integrityProtectedStreams = new ArrayList<>();
private DecryptionStreamFactory(@Nullable PGPSecretKeyRingCollection decryptionKeys,
@Nullable SecretKeyRingProtector decryptor,
@Nullable Passphrase decryptionPassphrase,
@Nullable Set<PGPPublicKeyRing> verificationKeys,
@Nullable MissingPublicKeyCallback missingPublicKeyCallback) {
this.decryptionKeys = decryptionKeys;
this.decryptionKeyDecryptor = decryptor;
this.decryptionPassphrase = decryptionPassphrase;
this.verificationKeys.addAll(verificationKeys != null ? verificationKeys : Collections.emptyList());
this.missingPublicKeyCallback = missingPublicKeyCallback;
public DecryptionStreamFactory(ConsumerOptions options) {
this.options = options;
}
public static DecryptionStream create(@Nonnull InputStream inputStream,
@Nullable PGPSecretKeyRingCollection decryptionKeys,
@Nullable SecretKeyRingProtector decryptor,
@Nullable Passphrase decryptionPassphrase,
@Nullable List<PGPSignature> detachedSignatures,
@Nullable Set<PGPPublicKeyRing> verificationKeys,
@Nullable MissingPublicKeyCallback missingPublicKeyCallback)
throws IOException, PGPException {
InputStream pgpInputStream;
DecryptionStreamFactory factory = new DecryptionStreamFactory(decryptionKeys, decryptor,
decryptionPassphrase, verificationKeys, missingPublicKeyCallback);
@Nonnull ConsumerOptions options)
throws PGPException, IOException {
BufferedInputStream bufferedIn = new BufferedInputStream(inputStream);
bufferedIn.mark(200);
DecryptionStreamFactory factory = new DecryptionStreamFactory(options);
if (detachedSignatures != null) {
pgpInputStream = inputStream;
for (PGPSignature signature : detachedSignatures) {
PGPPublicKeyRing signingKeyRing = factory.findSignatureVerificationKeyRing(signature.getKeyID());
if (signingKeyRing == null) {
continue;
}
PGPPublicKey signingKey = signingKeyRing.getPublicKey(signature.getKeyID());
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey);
factory.resultBuilder.addDetachedSignature(
new DetachedSignature(signature, signingKeyRing, new SubkeyIdentifier(signingKeyRing, signature.getKeyID())));
for (PGPSignature signature : options.getDetachedSignatures()) {
PGPPublicKeyRing signingKeyRing = factory.findSignatureVerificationKeyRing(signature.getKeyID());
if (signingKeyRing == null) {
continue;
}
} else {
PGPObjectFactory objectFactory = new PGPObjectFactory(
PGPUtil.getDecoderStream(inputStream), keyFingerprintCalculator);
pgpInputStream = factory.processPGPPackets(objectFactory, 1);
PGPPublicKey signingKey = signingKeyRing.getPublicKey(signature.getKeyID());
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey);
factory.resultBuilder.addDetachedSignature(
new DetachedSignature(signature, signingKeyRing, new SubkeyIdentifier(signingKeyRing, signature.getKeyID())));
}
return new DecryptionStream(pgpInputStream, factory.resultBuilder, factory.integrityProtectedStreams);
PGPObjectFactory objectFactory = new PGPObjectFactory(
PGPUtil.getDecoderStream(bufferedIn), keyFingerprintCalculator);
try {
// Parse OpenPGP message
inputStream = factory.processPGPPackets(objectFactory, 1);
} catch (MissingLiteralDataException e) {
// Not an OpenPGP message. Reset the buffered stream to parse the message as arbitrary binary data
// to allow for detached signature verification.
bufferedIn.reset();
inputStream = bufferedIn;
}
return new DecryptionStream(inputStream, factory.resultBuilder, factory.integrityProtectedStreams);
}
private InputStream processPGPPackets(@Nonnull PGPObjectFactory objectFactory, int depth) throws IOException, PGPException {
@ -151,7 +139,7 @@ public final class DecryptionStreamFactory {
}
}
throw new PGPException("No Literal Data Packet found");
throw new MissingLiteralDataException("No Literal Data Packet found");
}
private InputStream processPGPEncryptedDataList(PGPEncryptedDataList pgpEncryptedDataList, int depth)
@ -210,50 +198,68 @@ public final class DecryptionStreamFactory {
while (encryptedDataIterator.hasNext()) {
PGPEncryptedData encryptedData = encryptedDataIterator.next();
// TODO: Can we just skip non-integrity-protected packages?
if (!encryptedData.isIntegrityProtected()) {
throw new MessageNotIntegrityProtectedException();
}
// Data is passphrase encrypted
if (encryptedData instanceof PGPPBEEncryptedData) {
PGPPBEEncryptedData pbeEncryptedData = (PGPPBEEncryptedData) encryptedData;
if (decryptionPassphrase != null) {
for (Passphrase passphrase : options.getDecryptionPassphrases()) {
PBEDataDecryptorFactory passphraseDecryptor = ImplementationFactory.getInstance()
.getPBEDataDecryptorFactory(decryptionPassphrase);
SymmetricKeyAlgorithm symmetricKeyAlgorithm = SymmetricKeyAlgorithm.fromId(
pbeEncryptedData.getSymmetricAlgorithm(passphraseDecryptor));
throwIfAlgorithmIsRejected(symmetricKeyAlgorithm);
resultBuilder.setSymmetricKeyAlgorithm(symmetricKeyAlgorithm);
.getPBEDataDecryptorFactory(passphrase);
try {
return pbeEncryptedData.getDataStream(passphraseDecryptor);
InputStream decryptedDataStream = pbeEncryptedData.getDataStream(passphraseDecryptor);
SymmetricKeyAlgorithm symmetricKeyAlgorithm = SymmetricKeyAlgorithm.fromId(
pbeEncryptedData.getSymmetricAlgorithm(passphraseDecryptor));
throwIfAlgorithmIsRejected(symmetricKeyAlgorithm);
resultBuilder.setSymmetricKeyAlgorithm(symmetricKeyAlgorithm);
return decryptedDataStream;
} catch (PGPException e) {
LOGGER.log(LEVEL, "Probable passphrase mismatch, skip PBE encrypted data block", e);
}
}
}
// data is public key encrypted
else if (encryptedData instanceof PGPPublicKeyEncryptedData) {
if (options.getDecryptionKeys().isEmpty()) {
}
PGPPublicKeyEncryptedData publicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedData;
long keyId = publicKeyEncryptedData.getKeyID();
if (decryptionKeys != null) {
if (!options.getDecryptionKeys().isEmpty()) {
// Known key id
if (keyId != 0) {
LOGGER.log(LEVEL, "PGPEncryptedData is encrypted for key " + Long.toHexString(keyId));
resultBuilder.addRecipientKeyId(keyId);
PGPSecretKey secretKey = decryptionKeys.getSecretKey(keyId);
if (secretKey != null) {
PGPSecretKeyRing decryptionKeyRing = findDecryptionKeyRing(keyId);
if (decryptionKeyRing != null) {
PGPSecretKey secretKey = decryptionKeyRing.getSecretKey(keyId);
LOGGER.log(LEVEL, "Found respective secret key " + Long.toHexString(keyId));
// Watch out! This assignment is possibly done multiple times.
encryptedSessionKey = publicKeyEncryptedData;
decryptionKey = UnlockSecretKey.unlockSecretKey(secretKey, decryptionKeyDecryptor);
decryptionKey = UnlockSecretKey.unlockSecretKey(secretKey, options.getSecretKeyProtector(decryptionKeyRing));
resultBuilder.setDecryptionFingerprint(new OpenPgpV4Fingerprint(secretKey));
}
} else {
// Hidden recipient
}
// Hidden recipient
else {
LOGGER.log(LEVEL, "Hidden recipient detected. Try to decrypt with all available secret keys.");
outerloop: for (PGPSecretKeyRing ring : decryptionKeys) {
for (PGPSecretKey key : ring) {
PGPPrivateKey privateKey = key.extractPrivateKey(decryptionKeyDecryptor.getDecryptor(key.getKeyID()));
outerloop: for (PGPSecretKeyRing ring : options.getDecryptionKeys()) {
KeyRingInfo info = new KeyRingInfo(ring);
List<PGPPublicKey> encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS);
for (PGPPublicKey pubkey : encryptionSubkeys) {
PGPSecretKey key = ring.getSecretKey(pubkey.getKeyID());
if (key == null) {
continue;
}
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(key, options.getSecretKeyProtector(ring).getDecryptor(key.getKeyID()));
PublicKeyDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance().getPublicKeyDataDecryptorFactory(privateKey);
try {
publicKeyEncryptedData.getSymmetricAlgorithm(decryptorFactory); // will only succeed if we have the right secret key
@ -271,7 +277,11 @@ public final class DecryptionStreamFactory {
}
}
}
return decryptWith(encryptedSessionKey, decryptionKey);
}
private InputStream decryptWith(PGPPublicKeyEncryptedData encryptedSessionKey, PGPPrivateKey decryptionKey)
throws PGPException {
if (decryptionKey == null) {
throw new MissingDecryptionMethodException("Decryption failed - No suitable decryption key or passphrase found");
}
@ -339,9 +349,18 @@ public final class DecryptionStreamFactory {
verifiableOnePassSignatures.put(fingerprint, onePassSignature);
}
private PGPSecretKeyRing findDecryptionKeyRing(long keyId) {
for (PGPSecretKeyRing key : options.getDecryptionKeys()) {
if (key.getSecretKey(keyId) != null) {
return key;
}
}
return null;
}
private PGPPublicKeyRing findSignatureVerificationKeyRing(long keyId) {
PGPPublicKeyRing verificationKeyRing = null;
for (PGPPublicKeyRing publicKeyRing : verificationKeys) {
for (PGPPublicKeyRing publicKeyRing : options.getCertificates()) {
PGPPublicKey verificationKey = publicKeyRing.getPublicKey(keyId);
if (verificationKey != null) {
LOGGER.log(LEVEL, "Found public key " + Long.toHexString(keyId) + " for signature verification");
@ -350,8 +369,8 @@ public final class DecryptionStreamFactory {
}
}
if (verificationKeyRing == null && missingPublicKeyCallback != null) {
verificationKeyRing = missingPublicKeyCallback.onMissingPublicKeyEncountered(keyId);
if (verificationKeyRing == null && options.getMissingCertificateCallback() != null) {
verificationKeyRing = options.getMissingCertificateCallback().onMissingPublicKeyEncountered(keyId);
}
return verificationKeyRing;

15
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/impl/package-info.java → pgpainless-core/src/main/java/org/pgpainless/exception/MissingLiteralDataException.java
View file

@ -1,5 +1,5 @@
/*
* Copyright 2018 Paul Schaub.
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -13,7 +13,16 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.exception;
import org.bouncycastle.openpgp.PGPException;
/**
* Implementations of Key Selection Strategies.
* Exception that gets thrown if a {@link org.bouncycastle.bcpg.LiteralDataPacket} is expected, but not found.
*/
package org.pgpainless.util.selection.key.impl;
public class MissingLiteralDataException extends PGPException {
public MissingLiteralDataException(String message) {
super(message);
}
}

10
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/package-info.java → pgpainless-core/src/main/java/org/pgpainless/exception/NotYetImplementedException.java
View file

@ -1,5 +1,5 @@
/*
* Copyright 2018 Paul Schaub.
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -13,7 +13,11 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.exception;
/**
* Different Key Selection Strategies.
* Method that gets thrown if the user requests some functionality which is not yet implemented.
*/
package org.pgpainless.util.selection.key;
public class NotYetImplementedException extends RuntimeException {
}

36
pgpainless-core/src/main/java/org/pgpainless/key/util/KeyRingUtils.java
View file

@ -21,7 +21,6 @@ import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPException;
@ -35,10 +34,6 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnlockSecretKey;
import org.pgpainless.util.selection.key.PublicKeySelectionStrategy;
import org.pgpainless.util.selection.key.impl.And;
import org.pgpainless.util.selection.key.impl.KeyBelongsToKeyRing;
import org.pgpainless.util.selection.key.impl.NoRevocation;
public class KeyRingUtils {
@ -162,37 +157,6 @@ public class KeyRingUtils {
return new PGPSecretKeyRingCollection(Arrays.asList(rings));
}
/**
* Remove all keys from the key ring, are either not having a subkey signature from the master key
* (identified by {@code masterKeyId}), or are revoked ("normal" key revocation, as well as subkey revocation).
*
* @param ring key ring
* @param masterKey master key
* @return "cleaned" key ring
*/
public static PGPSecretKeyRing removeUnassociatedKeysFromKeyRing(@Nonnull PGPSecretKeyRing ring,
@Nonnull PGPPublicKey masterKey) {
if (!masterKey.isMasterKey()) {
throw new IllegalArgumentException("Given key is not a master key.");
}
// Only select keys which are signed by the master key and not revoked.
PublicKeySelectionStrategy selector = new And.PubKeySelectionStrategy(
new KeyBelongsToKeyRing.PubkeySelectionStrategy(masterKey),
new NoRevocation.PubKeySelectionStrategy());
PGPSecretKeyRing cleaned = ring;
Iterator<PGPSecretKey> secretKeys = ring.getSecretKeys();
while (secretKeys.hasNext()) {
PGPSecretKey secretKey = secretKeys.next();
if (!selector.accept(secretKey.getPublicKey())) {
cleaned = PGPSecretKeyRing.removeSecretKey(cleaned, secretKey);
}
}
return cleaned;
}
public static boolean keyRingContainsKeyWithId(@Nonnull PGPPublicKeyRing ring,
long keyId) {
return ring.getPublicKey(keyId) != null;

52
pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java
View file

@ -15,22 +15,27 @@
*/
package org.pgpainless.signature;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.bouncycastle.bcpg.MarkerPacket;
import org.bouncycastle.bcpg.sig.KeyExpirationTime;
import org.bouncycastle.bcpg.sig.RevocationReason;
import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
import org.bouncycastle.openpgp.PGPMarker;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
import org.bouncycastle.util.encoders.Hex;
import org.pgpainless.PGPainless;
@ -41,7 +46,6 @@ import org.pgpainless.key.util.OpenPgpKeyAttributeUtil;
import org.pgpainless.key.util.RevocationAttributes;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
import org.pgpainless.util.BCUtil;
/**
* Utility methods related to signatures.
@ -183,18 +187,44 @@ public class SignatureUtils {
* @return signature list
* @throws IOException if the signatures cannot be read
*/
public static PGPSignatureList readSignatures(String encodedSignatures) throws IOException {
InputStream inputStream = BCUtil.getPgpDecoderInputStream(encodedSignatures.getBytes(Charset.forName("UTF8")));
PGPObjectFactory objectFactory = new PGPObjectFactory(inputStream, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
Object next = objectFactory.nextObject();
while (next != null) {
if (next instanceof PGPMarker) {
next = objectFactory.nextObject();
public static List<PGPSignature> readSignatures(String encodedSignatures) throws IOException, PGPException {
InputStream inputStream = new ByteArrayInputStream(encodedSignatures.getBytes(Charset.forName("UTF8")));
return readSignatures(inputStream);
}
public static List<PGPSignature> readSignatures(InputStream inputStream) throws IOException, PGPException {
List<PGPSignature> signatures = new ArrayList<>();
InputStream pgpIn = PGPUtil.getDecoderStream(inputStream);
PGPObjectFactory objectFactory = new PGPObjectFactory(
pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
Object nextObject = objectFactory.nextObject();
while (nextObject != null) {
if (nextObject instanceof MarkerPacket) {
nextObject = objectFactory.nextObject();
continue;
}
return (PGPSignatureList) next;
if (nextObject instanceof PGPCompressedData) {
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
ImplementationFactory.getInstance().getKeyFingerprintCalculator());
nextObject = objectFactory.nextObject();
continue;
}
if (nextObject instanceof PGPSignatureList) {
PGPSignatureList signatureList = (PGPSignatureList) nextObject;
for (PGPSignature s : signatureList) {
signatures.add(s);
}
}
if (nextObject instanceof PGPSignature) {
signatures.add((PGPSignature) nextObject);
}
nextObject = objectFactory.nextObject();
}
return null;
pgpIn.close();
return signatures;
}
public static String getSignatureDigestPrefix(PGPSignature signature) {

32
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/KeySelectionStrategy.java
View file

@ -1,32 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key;
import java.util.Set;
import javax.annotation.Nonnull;
/**
* Interface that describes a selection strategy for OpenPGP keys.
* @param <K> Type of the Key
* @param <R> Type of the PGPKeyRing
*/
public interface KeySelectionStrategy<K, R> {
boolean accept(K key);
Set<K> selectKeysFromKeyRing(@Nonnull R ring);
}

41
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/PublicKeySelectionStrategy.java
View file

@ -1,41 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
/**
* Key Selection Strategy which accepts {@link PGPPublicKey}s that are accepted by the abstract method
* {@link #accept(Object)}.
*/
public abstract class PublicKeySelectionStrategy implements KeySelectionStrategy<PGPPublicKey, PGPPublicKeyRing> {
@Override
public Set<PGPPublicKey> selectKeysFromKeyRing(@Nonnull PGPPublicKeyRing ring) {
Set<PGPPublicKey> keys = new HashSet<>();
for (Iterator<PGPPublicKey> i = ring.getPublicKeys(); i.hasNext(); ) {
PGPPublicKey key = i.next();
if (accept(key)) keys.add(key);
}
return keys;
}
}

42
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/SecretKeySelectionStrategy.java
View file

@ -1,42 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
/**
* Key Selection Strategy which accepts {@link PGPSecretKey}s that are accepted by the abstract method
* {@link #accept(Object)}.
*
*/
public abstract class SecretKeySelectionStrategy implements KeySelectionStrategy<PGPSecretKey, PGPSecretKeyRing> {
@Override
public Set<PGPSecretKey> selectKeysFromKeyRing(@Nonnull PGPSecretKeyRing ring) {
Set<PGPSecretKey> keys = new HashSet<>();
for (Iterator<PGPSecretKey> i = ring.getSecretKeys(); i.hasNext(); ) {
PGPSecretKey key = i.next();
if (accept(key)) keys.add(key);
}
return keys;
}
}

66
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/impl/And.java
View file

@ -1,66 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key.impl;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.pgpainless.util.selection.key.PublicKeySelectionStrategy;
import org.pgpainless.util.selection.key.SecretKeySelectionStrategy;
public class And {
public static class PubKeySelectionStrategy extends PublicKeySelectionStrategy {
private final Set<PublicKeySelectionStrategy> strategies = new HashSet<>();
public PubKeySelectionStrategy(@Nonnull PublicKeySelectionStrategy... strategies) {
this.strategies.addAll(Arrays.asList(strategies));
}
@Override
public boolean accept(PGPPublicKey key) {
boolean accept = true;
for (PublicKeySelectionStrategy strategy : strategies) {
accept &= strategy.accept(key);
}
return accept;
}
}
public static class SecKeySelectionStrategy extends SecretKeySelectionStrategy {
private final Set<SecretKeySelectionStrategy> strategies = new HashSet<>();
public SecKeySelectionStrategy(@Nonnull SecretKeySelectionStrategy... strategies) {
this.strategies.addAll(Arrays.asList(strategies));
}
@Override
public boolean accept(PGPSecretKey key) {
boolean accept = true;
for (SecretKeySelectionStrategy strategy : strategies) {
accept &= strategy.accept(key);
}
return accept;
}
}
}

54
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/impl/EncryptionKeySelectionStrategy.java
View file

@ -1,54 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key.impl;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.util.selection.key.PublicKeySelectionStrategy;
/**
* Key Selection Strategy that only accepts {@link PGPPublicKey}s which are capable of encryption.
*/
public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy {
public static final Logger LOGGER = Logger.getLogger(EncryptionKeySelectionStrategy.class.getName());
private final HasAnyKeyFlagSelectionStrategy.PublicKey keyFlagSelector;
public EncryptionKeySelectionStrategy(KeyFlag... flags) {
this.keyFlagSelector = new HasAnyKeyFlagSelectionStrategy.PublicKey(flags);
}
@Override
public boolean accept(@Nonnull PGPPublicKey key) {
if (!key.isEncryptionKey()) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
PublicKeyAlgorithm.fromId(key.getAlgorithm()) + ") is not suitable of encryption.");
return false;
}
if (!keyFlagSelector.accept(key)) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as it does not the appropriate encryption key flags.");
return false;
}
return true;
}
}

71
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/impl/HasAllKeyFlagSelectionStrategy.java
View file

@ -1,71 +0,0 @@
/*
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key.impl;
import java.util.Iterator;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.util.selection.key.PublicKeySelectionStrategy;
import org.pgpainless.util.selection.key.SecretKeySelectionStrategy;
/**
* Selection Strategy that accepts a key if it carries all of the specified key flags.
*/
public class HasAllKeyFlagSelectionStrategy {
public static class PublicKey extends PublicKeySelectionStrategy {
private final int keyFlagMask;
public PublicKey(KeyFlag... flags) {
this(KeyFlag.toBitmask(flags));
}
public PublicKey(int mask) {
this.keyFlagMask = mask;
}
@Override
public boolean accept(PGPPublicKey key) {
Iterator<PGPSignature> signatures = key.getSignatures();
int flags = signatures.next().getHashedSubPackets().getKeyFlags();
return (keyFlagMask & flags) == keyFlagMask;
}
}
public static class SecretKey extends SecretKeySelectionStrategy {
private final int keyFlagMask;
public SecretKey(KeyFlag... flags) {
this(KeyFlag.toBitmask(flags));
}
public SecretKey(int mask) {
this.keyFlagMask = mask;
}
@Override
public boolean accept(PGPSecretKey key) {
Iterator<PGPSignature> signatures = key.getPublicKey().getSignatures();
int flags = signatures.next().getHashedSubPackets().getKeyFlags();
return (keyFlagMask & flags) == keyFlagMask;
}
}
}

74
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/impl/HasAnyKeyFlagSelectionStrategy.java
View file

@ -1,74 +0,0 @@
/*
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key.impl;
import java.util.Iterator;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.util.selection.key.PublicKeySelectionStrategy;
import org.pgpainless.util.selection.key.SecretKeySelectionStrategy;
/**
* Selection Strategies that accept a key if it carries at least one of the given key flags.
*/
public class HasAnyKeyFlagSelectionStrategy {
public static class PublicKey extends PublicKeySelectionStrategy {
private final int keyFlagMask;
public PublicKey(KeyFlag... flags) {
this(KeyFlag.toBitmask(flags));
}
public PublicKey(int mask) {
this.keyFlagMask = mask;
}
@Override
public boolean accept(PGPPublicKey key) {
Iterator<PGPSignature> signatures = key.getSignatures();
int flags = 0;
while (signatures.hasNext()) {
flags = signatures.next().getHashedSubPackets().getKeyFlags();
}
return (keyFlagMask & flags) != 0;
}
}
public static class SecretKey extends SecretKeySelectionStrategy {
private final int keyFlagMask;
public SecretKey(KeyFlag... flags) {
this(KeyFlag.toBitmask(flags));
}
public SecretKey(int mask) {
this.keyFlagMask = mask;
}
@Override
public boolean accept(PGPSecretKey key) {
Iterator<PGPSignature> signatures = key.getPublicKey().getSignatures();
int flags = signatures.next().getHashedSubPackets().getKeyFlags();
return (keyFlagMask & flags) != 0;
}
}
}

67
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/impl/KeyBelongsToKeyRing.java
View file

@ -1,67 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key.impl;
import javax.annotation.Nonnull;
import java.util.Arrays;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.util.selection.key.PublicKeySelectionStrategy;
public class KeyBelongsToKeyRing {
private static final Logger LOGGER = Logger.getLogger(KeyBelongsToKeyRing.class.getName());
public static class PubkeySelectionStrategy extends PublicKeySelectionStrategy {
private final PGPPublicKey masterKey;
public PubkeySelectionStrategy(PGPPublicKey masterKey) {
this.masterKey = masterKey;
}
@Override
public boolean accept(@Nonnull PGPPublicKey key) {
// Same key -> accept
if (Arrays.equals(masterKey.getFingerprint(), key.getFingerprint())) {
return true;
}
Iterator<PGPSignature> signatures = key.getSignaturesForKeyID(masterKey.getKeyID());
while (signatures.hasNext()) {
PGPSignature signature = signatures.next();
if (signature.getSignatureType() == PGPSignature.SUBKEY_BINDING) {
try {
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), masterKey);
return signature.verifyCertification(masterKey, key);
} catch (PGPException e) {
LOGGER.log(Level.WARNING, "Could not verify subkey signature of key " +
Long.toHexString(masterKey.getKeyID()) + " on key " + Long.toHexString(key.getKeyID()));
return false;
}
}
}
return false;
}
}
}

51
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/impl/NoRevocation.java
View file

@ -1,51 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key.impl;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.pgpainless.util.selection.key.PublicKeySelectionStrategy;
import org.pgpainless.util.selection.key.SecretKeySelectionStrategy;
/**
* Key Selection Strategies that do accept only keys, which have no revocation.
*/
public class NoRevocation {
/**
* Key Selection Strategy which only accepts {@link PGPPublicKey}s which have no revocation.
*/
public static class PubKeySelectionStrategy extends PublicKeySelectionStrategy {
@Override
public boolean accept(@Nonnull PGPPublicKey key) {
return !key.hasRevocation();
}
}
/**
* Key Selection Strategy which only accepts {@link PGPSecretKey}s which have no revocation.
*/
public static class SecKeySelectionStrategy extends SecretKeySelectionStrategy {
@Override
public boolean accept(@Nonnull PGPSecretKey key) {
return !key.getPublicKey().hasRevocation();
}
}
}

66
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/impl/Or.java
View file

@ -1,66 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key.impl;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.pgpainless.util.selection.key.PublicKeySelectionStrategy;
import org.pgpainless.util.selection.key.SecretKeySelectionStrategy;
public class Or {
public static class PubKeySelectionStrategy extends PublicKeySelectionStrategy {
private final Set<PublicKeySelectionStrategy> strategies = new HashSet<>();
public PubKeySelectionStrategy(@Nonnull PublicKeySelectionStrategy... strategies) {
this.strategies.addAll(Arrays.asList(strategies));
}
@Override
public boolean accept(PGPPublicKey key) {
boolean accept = false;
for (PublicKeySelectionStrategy strategy : strategies) {
accept |= strategy.accept(key);
}
return accept;
}
}
public static class SecKeySelectionStrategy extends SecretKeySelectionStrategy {
private final Set<SecretKeySelectionStrategy> strategies = new HashSet<>();
public SecKeySelectionStrategy(@Nonnull SecretKeySelectionStrategy... strategies) {
this.strategies.addAll(Arrays.asList(strategies));
}
@Override
public boolean accept(PGPSecretKey key) {
boolean accept = false;
for (SecretKeySelectionStrategy strategy : strategies) {
accept |= strategy.accept(key);
}
return accept;
}
}
}

55
pgpainless-core/src/main/java/org/pgpainless/util/selection/key/impl/SignatureKeySelectionStrategy.java
View file

@ -1,55 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.key.impl;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.util.selection.key.SecretKeySelectionStrategy;
/**
* Key Selection Strategy that only accepts {@link PGPSecretKey}s which are capable of signing.
*/
public class SignatureKeySelectionStrategy extends SecretKeySelectionStrategy {
private static final Logger LOGGER = Logger.getLogger(SignatureKeySelectionStrategy.class.getName());
HasAnyKeyFlagSelectionStrategy.SecretKey flagSelector =
new HasAnyKeyFlagSelectionStrategy.SecretKey(KeyFlag.SIGN_DATA);
@Override
public boolean accept(@Nonnull PGPSecretKey key) {
boolean hasSignDataKeyFlag = flagSelector.accept(key);
if (!key.isSigningKey()) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
PublicKeyAlgorithm.fromId(key.getPublicKey().getAlgorithm()) + ") is not capable of signing.");
return false;
}
if (!hasSignDataKeyFlag) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) +
" as it does not carry the key flag SIGN_DATA.");
return false;
}
return true;
}
}

32
pgpainless-core/src/main/java/org/pgpainless/util/selection/keyring/impl/Email.java
View file

@ -1,32 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.keyring.impl;
public class Email {
public static class PubRingSelectionStrategy extends PartialUserId.PubRingSelectionStrategy {
public PubRingSelectionStrategy(String email) {
super(email.matches("^<.+>$") ? email : '<' + email + '>');
}
}
public static class SecRingSelectionStrategy extends PartialUserId.SecRingSelectionStrategy {
public SecRingSelectionStrategy(String email) {
super(email.matches("^<.+>$") ? email : '<' + email + '>');
}
}
}

67
pgpainless-core/src/main/java/org/pgpainless/util/selection/keyring/impl/PartialUserId.java
View file

@ -1,67 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.util.selection.keyring.impl;
import javax.annotation.Nonnull;
import java.util.Iterator;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.pgpainless.util.selection.key.PublicKeySelectionStrategy;
import org.pgpainless.util.selection.key.SecretKeySelectionStrategy;
public class PartialUserId {
public static class PubRingSelectionStrategy extends PublicKeySelectionStrategy {
protected final String identifier;
public PubRingSelectionStrategy(String identifier) {
this.identifier = identifier;
}
@Override
public boolean accept(@Nonnull PGPPublicKey key) {
for (Iterator<String> userIds = key.getUserIDs(); userIds.hasNext(); ) {
String userId = userIds.next();
if (userId.contains(identifier)) {
return true;
}
}
return false;
}
}
public static class SecRingSelectionStrategy extends SecretKeySelectionStrategy {
protected final String partialUserId;
public SecRingSelectionStrategy(String partialUserId) {
this.partialUserId = partialUserId;
}
@Override
public boolean accept(@Nonnull PGPSecretKey key) {
for (Iterator<String> userIds = key.getUserIDs(); userIds.hasNext(); ) {
String userId = userIds.next();
if (userId.contains(partialUserId)) {
return true;
}
}
return false;
}
}
}