mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 03:17:58 +01:00
Clean up old unused code
This commit is contained in:
parent
ec793c66ff
commit
161ce57711
5 changed files with 1 additions and 315 deletions
|
@ -13,7 +13,7 @@ import org.bouncycastle.openpgp.PGPException;
|
||||||
public interface DecryptionBuilderInterface {
|
public interface DecryptionBuilderInterface {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a {@link DecryptionStreamImpl} on an {@link InputStream} which contains the encrypted and/or signed data.
|
* Create a {@link DecryptionStream} on an {@link InputStream} which contains the encrypted and/or signed data.
|
||||||
*
|
*
|
||||||
* @param inputStream encrypted and/or signed data.
|
* @param inputStream encrypted and/or signed data.
|
||||||
* @return api handle
|
* @return api handle
|
||||||
|
|
|
@ -1,65 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2018 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.decryption_verification;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import javax.annotation.Nonnull;
|
|
||||||
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Decryption Stream that handles updating and verification of detached signatures,
|
|
||||||
* as well as verification of integrity-protected input streams once the stream gets closed.
|
|
||||||
*/
|
|
||||||
public class DecryptionStreamImpl extends DecryptionStream {
|
|
||||||
|
|
||||||
private final InputStream inputStream;
|
|
||||||
private final IntegrityProtectedInputStream integrityProtectedInputStream;
|
|
||||||
private final InputStream armorStream;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Create an input stream that handles decryption and - if necessary - integrity protection verification.
|
|
||||||
*
|
|
||||||
* @param wrapped underlying input stream
|
|
||||||
* @param resultBuilder builder for decryption metadata like algorithms, recipients etc.
|
|
||||||
* @param integrityProtectedInputStream in case of data encrypted using SEIP packet close this stream to check integrity
|
|
||||||
* @param armorStream armor stream to verify CRC checksums
|
|
||||||
*/
|
|
||||||
DecryptionStreamImpl(@Nonnull InputStream wrapped,
|
|
||||||
@Nonnull OpenPgpMetadata.Builder resultBuilder,
|
|
||||||
IntegrityProtectedInputStream integrityProtectedInputStream,
|
|
||||||
InputStream armorStream) {
|
|
||||||
super(resultBuilder);
|
|
||||||
this.inputStream = wrapped;
|
|
||||||
this.integrityProtectedInputStream = integrityProtectedInputStream;
|
|
||||||
this.armorStream = armorStream;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void close() throws IOException {
|
|
||||||
if (armorStream != null) {
|
|
||||||
Streams.drain(armorStream);
|
|
||||||
}
|
|
||||||
inputStream.close();
|
|
||||||
if (integrityProtectedInputStream != null) {
|
|
||||||
integrityProtectedInputStream.close();
|
|
||||||
}
|
|
||||||
super.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public int read() throws IOException {
|
|
||||||
int r = inputStream.read();
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public int read(@Nonnull byte[] bytes, int offset, int length) throws IOException {
|
|
||||||
int read = inputStream.read(bytes, offset, length);
|
|
||||||
return read;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,215 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.decryption_verification;
|
|
||||||
|
|
||||||
import static org.pgpainless.signature.consumer.SignatureValidator.signatureWasCreatedInBounds;
|
|
||||||
|
|
||||||
import java.io.FilterInputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
import javax.annotation.Nonnull;
|
|
||||||
import javax.annotation.Nullable;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPObjectFactory;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
|
||||||
import org.bouncycastle.openpgp.PGPSignatureList;
|
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import org.pgpainless.exception.SignatureValidationException;
|
|
||||||
import org.pgpainless.policy.Policy;
|
|
||||||
import org.pgpainless.signature.consumer.CertificateValidator;
|
|
||||||
import org.pgpainless.signature.consumer.SignatureCheck;
|
|
||||||
import org.pgpainless.signature.consumer.OnePassSignatureCheck;
|
|
||||||
import org.pgpainless.signature.SignatureUtils;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
|
|
||||||
public abstract class SignatureInputStream extends FilterInputStream {
|
|
||||||
|
|
||||||
protected SignatureInputStream(InputStream inputStream) {
|
|
||||||
super(inputStream);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static class VerifySignatures extends SignatureInputStream {
|
|
||||||
|
|
||||||
private static final Logger LOGGER = LoggerFactory.getLogger(VerifySignatures.class);
|
|
||||||
|
|
||||||
private final PGPObjectFactory objectFactory;
|
|
||||||
private final List<OnePassSignatureCheck> opSignatures;
|
|
||||||
private final Map<Long, OnePassSignatureCheck> opSignaturesWithMissingCert;
|
|
||||||
private final List<SignatureCheck> detachedSignatures;
|
|
||||||
private final ConsumerOptions options;
|
|
||||||
private final OpenPgpMetadata.Builder resultBuilder;
|
|
||||||
|
|
||||||
public VerifySignatures(
|
|
||||||
InputStream literalDataStream,
|
|
||||||
@Nullable PGPObjectFactory objectFactory,
|
|
||||||
List<OnePassSignatureCheck> opSignatures,
|
|
||||||
Map<Long, OnePassSignatureCheck> onePassSignaturesWithMissingCert,
|
|
||||||
List<SignatureCheck> detachedSignatures,
|
|
||||||
ConsumerOptions options,
|
|
||||||
OpenPgpMetadata.Builder resultBuilder) {
|
|
||||||
super(literalDataStream);
|
|
||||||
this.objectFactory = objectFactory;
|
|
||||||
this.opSignatures = opSignatures;
|
|
||||||
this.opSignaturesWithMissingCert = onePassSignaturesWithMissingCert;
|
|
||||||
this.detachedSignatures = detachedSignatures;
|
|
||||||
this.options = options;
|
|
||||||
this.resultBuilder = resultBuilder;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public int read() throws IOException {
|
|
||||||
final int data = super.read();
|
|
||||||
final boolean endOfStream = data == -1;
|
|
||||||
if (endOfStream) {
|
|
||||||
finalizeSignatures();
|
|
||||||
} else {
|
|
||||||
byte b = (byte) data;
|
|
||||||
updateOnePassSignatures(b);
|
|
||||||
updateDetachedSignatures(b);
|
|
||||||
}
|
|
||||||
return data;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public int read(@Nonnull byte[] b, int off, int len) throws IOException {
|
|
||||||
int read = super.read(b, off, len);
|
|
||||||
|
|
||||||
final boolean endOfStream = read == -1;
|
|
||||||
if (endOfStream) {
|
|
||||||
finalizeSignatures();
|
|
||||||
} else {
|
|
||||||
updateOnePassSignatures(b, off, read);
|
|
||||||
updateDetachedSignatures(b, off, read);
|
|
||||||
}
|
|
||||||
return read;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void finalizeSignatures() {
|
|
||||||
parseAndCombineSignatures();
|
|
||||||
verifyOnePassSignatures();
|
|
||||||
verifyDetachedSignatures();
|
|
||||||
}
|
|
||||||
|
|
||||||
public void parseAndCombineSignatures() {
|
|
||||||
if (objectFactory == null) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
// Parse signatures from message
|
|
||||||
PGPSignatureList signatures;
|
|
||||||
try {
|
|
||||||
signatures = parseSignatures(objectFactory);
|
|
||||||
} catch (IOException e) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
List<PGPSignature> signatureList = SignatureUtils.toList(signatures);
|
|
||||||
// Set signatures as comparison sigs in OPS checks
|
|
||||||
for (int i = 0; i < opSignatures.size(); i++) {
|
|
||||||
int reversedIndex = opSignatures.size() - i - 1;
|
|
||||||
opSignatures.get(i).setSignature(signatureList.get(reversedIndex));
|
|
||||||
}
|
|
||||||
|
|
||||||
for (PGPSignature signature : signatureList) {
|
|
||||||
if (opSignaturesWithMissingCert.containsKey(signature.getKeyID())) {
|
|
||||||
OnePassSignatureCheck check = opSignaturesWithMissingCert.remove(signature.getKeyID());
|
|
||||||
check.setSignature(signature);
|
|
||||||
|
|
||||||
resultBuilder.addInvalidInbandSignature(new SignatureVerification(signature, null),
|
|
||||||
new SignatureValidationException(
|
|
||||||
"Missing verification certificate " + Long.toHexString(signature.getKeyID())));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private PGPSignatureList parseSignatures(PGPObjectFactory objectFactory) throws IOException {
|
|
||||||
PGPSignatureList signatureList = null;
|
|
||||||
Object pgpObject = objectFactory.nextObject();
|
|
||||||
while (pgpObject != null && signatureList == null) {
|
|
||||||
if (pgpObject instanceof PGPSignatureList) {
|
|
||||||
signatureList = (PGPSignatureList) pgpObject;
|
|
||||||
} else {
|
|
||||||
pgpObject = objectFactory.nextObject();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (signatureList == null || signatureList.isEmpty()) {
|
|
||||||
throw new IOException("Verification failed - No Signatures found");
|
|
||||||
}
|
|
||||||
|
|
||||||
return signatureList;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
private synchronized void verifyOnePassSignatures() {
|
|
||||||
Policy policy = PGPainless.getPolicy();
|
|
||||||
for (OnePassSignatureCheck opSignature : opSignatures) {
|
|
||||||
if (opSignature.getSignature() == null) {
|
|
||||||
LOGGER.warn("Found OnePassSignature without respective signature packet -> skip");
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
signatureWasCreatedInBounds(options.getVerifyNotBefore(),
|
|
||||||
options.getVerifyNotAfter()).verify(opSignature.getSignature());
|
|
||||||
CertificateValidator.validateCertificateAndVerifyOnePassSignature(opSignature, policy);
|
|
||||||
resultBuilder.addVerifiedInbandSignature(
|
|
||||||
new SignatureVerification(opSignature.getSignature(), opSignature.getSigningKey()));
|
|
||||||
} catch (SignatureValidationException e) {
|
|
||||||
LOGGER.warn("One-pass-signature verification failed for signature made by key {}: {}",
|
|
||||||
opSignature.getSigningKey(), e.getMessage(), e);
|
|
||||||
resultBuilder.addInvalidInbandSignature(
|
|
||||||
new SignatureVerification(opSignature.getSignature(), opSignature.getSigningKey()), e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void verifyDetachedSignatures() {
|
|
||||||
Policy policy = PGPainless.getPolicy();
|
|
||||||
for (SignatureCheck s : detachedSignatures) {
|
|
||||||
try {
|
|
||||||
signatureWasCreatedInBounds(options.getVerifyNotBefore(),
|
|
||||||
options.getVerifyNotAfter()).verify(s.getSignature());
|
|
||||||
CertificateValidator.validateCertificateAndVerifyInitializedSignature(s.getSignature(),
|
|
||||||
(PGPPublicKeyRing) s.getSigningKeyRing(), policy);
|
|
||||||
resultBuilder.addVerifiedDetachedSignature(new SignatureVerification(s.getSignature(),
|
|
||||||
s.getSigningKeyIdentifier()));
|
|
||||||
} catch (SignatureValidationException e) {
|
|
||||||
LOGGER.warn("One-pass-signature verification failed for signature made by key {}: {}",
|
|
||||||
s.getSigningKeyIdentifier(), e.getMessage(), e);
|
|
||||||
resultBuilder.addInvalidDetachedSignature(new SignatureVerification(s.getSignature(),
|
|
||||||
s.getSigningKeyIdentifier()), e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void updateOnePassSignatures(byte data) {
|
|
||||||
for (OnePassSignatureCheck opSignature : opSignatures) {
|
|
||||||
opSignature.getOnePassSignature().update(data);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void updateOnePassSignatures(byte[] bytes, int offset, int length) {
|
|
||||||
for (OnePassSignatureCheck opSignature : opSignatures) {
|
|
||||||
opSignature.getOnePassSignature().update(bytes, offset, length);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void updateDetachedSignatures(byte b) {
|
|
||||||
for (SignatureCheck detachedSignature : detachedSignatures) {
|
|
||||||
detachedSignature.getSignature().update(b);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void updateDetachedSignatures(byte[] b, int off, int read) {
|
|
||||||
for (SignatureCheck detachedSignature : detachedSignatures) {
|
|
||||||
detachedSignature.getSignature().update(b, off, read);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,17 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.exception;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Wrapper for {@link IOException} indicating that we need to throw this exception up.
|
|
||||||
*/
|
|
||||||
public class FinalIOException extends IOException {
|
|
||||||
|
|
||||||
public FinalIOException(IOException e) {
|
|
||||||
super(e);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,17 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.exception;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Exception that gets thrown if a {@link org.bouncycastle.bcpg.LiteralDataPacket} is expected, but not found.
|
|
||||||
*/
|
|
||||||
public class MissingLiteralDataException extends PGPException {
|
|
||||||
|
|
||||||
public MissingLiteralDataException(String message) {
|
|
||||||
super(message);
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in a new issue