// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.sop;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.MessageMetadata;
import org.pgpainless.decryption_verification.SignatureVerification;
import org.pgpainless.exception.MalformedOpenPgpMessageException;
import org.pgpainless.exception.MissingDecryptionMethodException;
import org.pgpainless.exception.WrongPassphraseException;
import org.pgpainless.util.Passphrase;
import sop.DecryptionResult;
import sop.ReadyWithResult;
import sop.SessionKey;
import sop.Verification;
import sop.exception.SOPGPException;
import sop.operation.Decrypt;
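/**
 * Implementation of the {@code decrypt} operation using PGPainless.
 *
 * <p>The fluent setters collect verification constraints, certificates, keys, passphrases and an
 * optional session key. {@link #ciphertext(InputStream)} then opens the decryption stream and
 * returns a handle that writes the plaintext and reports the result.
 */
public class DecryptImpl implements Decrypt {

    // Collects everything the decryption stream needs: verification certs and date bounds,
    // decryption keys, message passphrases and an optional session key.
    private final ConsumerOptions consumerOptions = ConsumerOptions.get();
    // Receives the secret keys (withKey) and key passphrases (withKeyPassword);
    // cleared again in ciphertext().
    private final MatchMakingSecretKeyRingProtector protector = new MatchMakingSecretKeyRingProtector();

    /**
     * Passes the lower bound for signature verification to the consumer options.
     *
     * @param timestamp lower date bound handed to {@code ConsumerOptions.verifyNotBefore}
     * @return this builder
     */
    @Override
    public DecryptImpl verifyNotBefore(Date timestamp) throws SOPGPException.UnsupportedOption {
        consumerOptions.verifyNotBefore(timestamp);
        return this;
    }

    /**
     * Passes the upper bound for signature verification to the consumer options.
     *
     * @param timestamp upper date bound handed to {@code ConsumerOptions.verifyNotAfter}
     * @return this builder
     */
    @Override
    public DecryptImpl verifyNotAfter(Date timestamp) throws SOPGPException.UnsupportedOption {
        consumerOptions.verifyNotAfter(timestamp);
        return this;
    }

    /**
     * Reads certificates from the stream and registers them for signature verification.
     *
     * @param certIn stream containing the certificate(s)
     * @return this builder
     * @throws SOPGPException.BadData declared for unreadable certificate data (raised by the reader)
     * @throws IOException on read errors
     */
    @Override
    public DecryptImpl verifyWithCert(InputStream certIn) throws SOPGPException.BadData, IOException {
        PGPPublicKeyRingCollection certs = KeyReader.readPublicKeys(certIn, true);
        // A null result adds no verification certs; the call still succeeds.
        if (certs != null) {
            consumerOptions.addVerificationCerts(certs);
        }
        return this;
    }

    /**
     * Supplies a session key for decrypting the message directly.
     *
     * @param sessionKey SOP session key (algorithm id plus key bytes)
     * @return this builder
     */
    @Override
    public DecryptImpl withSessionKey(SessionKey sessionKey) throws SOPGPException.UnsupportedOption {
        consumerOptions.setSessionKey(
                new org.pgpainless.util.SessionKey(
                        SymmetricKeyAlgorithm.requireFromId(sessionKey.getAlgorithm()),
                        sessionKey.getKey()));
        return this;
    }

    /**
     * Registers a message password. If the password ends in whitespace, the variant with that
     * trailing whitespace removed is registered as a second candidate.
     *
     * @param password message password as supplied by the caller
     * @return this builder
     */
    @Override
    public DecryptImpl withPassword(String password) {
        consumerOptions.addDecryptionPassphrase(Passphrase.fromPassword(password));
        String withoutTrailingWhitespace = removeTrailingWhitespace(password);
        // Only add a second candidate when stripping actually changed the password.
        if (!password.equals(withoutTrailingWhitespace)) {
            consumerOptions.addDecryptionPassphrase(Passphrase.fromPassword(withoutTrailingWhitespace));
        }
        return this;
    }

    /**
     * Returns the passphrase without its trailing whitespace characters.
     *
     * <p>The previous implementation cut at the index of the last non-whitespace character
     * instead of one past it. That dropped the final character of every passphrase, so
     * {@link #withPassword(String)} always registered a truncated candidate, and it threw
     * on an empty string.
     *
     * @param passphrase passphrase to strip
     * @return the passphrase up to and including its last non-whitespace character; empty if
     *         the passphrase is empty or consists only of whitespace
     */
    private static String removeTrailingWhitespace(String passphrase) {
        // 'end' is the exclusive end index of the part to keep.
        int end = passphrase.length();
        while (end > 0 && Character.isWhitespace(passphrase.charAt(end - 1))) {
            end--;
        }
        return passphrase.substring(0, end);
    }

    /**
     * Reads secret keys from the stream and registers each one as a decryption key.
     *
     * @param keyIn stream containing the secret key(s)
     * @return this builder
     * @throws SOPGPException.BadData declared for unreadable key data (raised by the reader)
     * @throws IOException on read errors
     */
    @Override
    public DecryptImpl withKey(InputStream keyIn) throws SOPGPException.BadData, IOException, SOPGPException.UnsupportedAsymmetricAlgo {
        PGPSecretKeyRingCollection secretKeyCollection = KeyReader.readSecretKeys(keyIn, true);

        for (PGPSecretKeyRing key : secretKeyCollection) {
            // The protector needs to know the key as well as the passphrases offered for it.
            protector.addSecretKey(key);
            consumerOptions.addDecryptionKey(key, protector);
        }
        return this;
    }

    /**
     * Registers a passphrase for unlocking the secret keys.
     *
     * @param password passphrase bytes, decoded as UTF-8
     * @return this builder
     */
    @Override
    public Decrypt withKeyPassword(byte[] password) {
        // The decoded String is immutable and cannot be wiped afterwards; only the protector's
        // own copy is released by protector.clear() in ciphertext().
        String string = new String(password, Charset.forName("UTF8"));
        protector.addPassphrase(Passphrase.fromPassword(string));
        return this;
    }

    /**
     * Opens the decryption stream on the given ciphertext and returns a handle that writes the
     * plaintext.
     *
     * @param ciphertext stream containing the OpenPGP message
     * @return handle whose {@code writeTo} emits the plaintext and returns the decryption result
     * @throws SOPGPException.MissingArg if no decryption key, passphrase or session key was set
     * @throws SOPGPException.CannotDecrypt if none of the provided methods can decrypt the message
     * @throws SOPGPException.KeyIsProtected if a passphrase was wrong
     * @throws SOPGPException.BadData if the message is malformed or cannot be read
     */
    @Override
    public ReadyWithResult<DecryptionResult> ciphertext(InputStream ciphertext)
            throws SOPGPException.BadData,
            SOPGPException.MissingArg {

        if (consumerOptions.getDecryptionKeys().isEmpty() && consumerOptions.getDecryptionPassphrases().isEmpty() && consumerOptions.getSessionKey() == null) {
            throw new SOPGPException.MissingArg("Missing decryption key, passphrase or session key.");
        }

        DecryptionStream decryptionStream;
        try {
            decryptionStream = PGPainless.decryptAndOrVerify()
                    .onInputStream(ciphertext)
                    .withOptions(consumerOptions);
        } catch (MissingDecryptionMethodException e) {
            throw new SOPGPException.CannotDecrypt("No usable decryption key or password provided.", e);
        } catch (WrongPassphraseException e) {
            // NOTE(review): the cause is not chained here, so the original stack trace is lost.
            throw new SOPGPException.KeyIsProtected();
        } catch (MalformedOpenPgpMessageException | PGPException | IOException e) {
            throw new SOPGPException.BadData(e);
        } finally {
            // Forget passphrases after decryption. Only the key protector is cleared;
            // message passphrases and the session key stay in consumerOptions.
            protector.clear();
        }

        return new ReadyWithResult<DecryptionResult>() {
            /**
             * Streams the plaintext to {@code outputStream} and returns the session key and
             * the verified signatures.
             *
             * <p>Plaintext is written before the "is encrypted" check and before the
             * verification list is built. A caller must discard the output if this method
             * throws. An empty verification list means no signature was verified; no
             * exception is raised for that case here.
             */
            @Override
            public DecryptionResult writeTo(OutputStream outputStream) throws IOException, SOPGPException.NoSignature {
                // Close the stream even when piping fails, so a read/write error does not leak it.
                try (DecryptionStream in = decryptionStream) {
                    Streams.pipeAll(in, outputStream);
                }
                // The metadata is read only after the stream has been closed.
                MessageMetadata metadata = decryptionStream.getMetadata();

                if (!metadata.isEncrypted()) {
                    throw new SOPGPException.BadData("Data is not encrypted.");
                }

                List<Verification> verificationList = new ArrayList<>();
                for (SignatureVerification signatureVerification : metadata.getVerifiedInlineSignatures()) {
                    verificationList.add(map(signatureVerification));
                }

                // Convert the PGPainless session key back into the SOP type; it may be absent.
                SessionKey sessionKey = null;
                if (metadata.getSessionKey() != null) {
                    org.pgpainless.util.SessionKey sk = metadata.getSessionKey();
                    sessionKey = new SessionKey(
                            (byte) sk.getAlgorithm().getAlgorithmId(),
                            sk.getKey()
                    );
                }

                return new DecryptionResult(sessionKey, verificationList);
            }
        };
    }

    /**
     * Converts a PGPainless signature verification into a SOP {@link Verification}.
     *
     * @param sigVerification verified signature and its signing key
     * @return verification carrying the signature creation time, the signing subkey fingerprint
     *         and the primary key fingerprint
     */
    private Verification map(SignatureVerification sigVerification) {
        return new Verification(sigVerification.getSignature().getCreationTime(),
                sigVerification.getSigningKey().getSubkeyFingerprint().toString(),
                sigVerification.getSigningKey().getPrimaryKeyFingerprint().toString());
    }
}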