1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-30 00:02:06 +01:00

Add missing javadoc to ConsumerOptions

This commit is contained in:
Paul Schaub 2023-01-04 18:50:10 +01:00
parent abf723cc6c
commit 41cc71c274
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -42,7 +42,6 @@ import pgp.certificate_store.exception.BadDataException;
*/ */
public class ConsumerOptions { public class ConsumerOptions {
private boolean ignoreMDCErrors = false; private boolean ignoreMDCErrors = false;
private boolean forceNonOpenPgpData = false; private boolean forceNonOpenPgpData = false;
@ -55,7 +54,8 @@ public class ConsumerOptions {
// Session key for decryption without passphrase/key // Session key for decryption without passphrase/key
private SessionKey sessionKey = null; private SessionKey sessionKey = null;
private final Map<SubkeyIdentifier, PublicKeyDataDecryptorFactory> customPublicKeyDataDecryptorFactories = new HashMap<>(); private final Map<SubkeyIdentifier, PublicKeyDataDecryptorFactory> customPublicKeyDataDecryptorFactories =
new HashMap<>();
private final Map<PGPSecretKeyRing, SecretKeyRingProtector> decryptionKeys = new HashMap<>(); private final Map<PGPSecretKeyRing, SecretKeyRingProtector> decryptionKeys = new HashMap<>();
private final Set<Passphrase> decryptionPassphrases = new HashSet<>(); private final Set<Passphrase> decryptionPassphrases = new HashSet<>();
@ -135,16 +135,38 @@ public class ConsumerOptions {
return this; return this;
} }
/**
* Pass in a {@link PGPCertificateStore} from which certificates can be sourced for signature verification.
*
* @param certificateStore certificate store
* @return options
*/
public ConsumerOptions addVerificationCerts(PGPCertificateStore certificateStore) { public ConsumerOptions addVerificationCerts(PGPCertificateStore certificateStore) {
this.certificates.addStore(certificateStore); this.certificates.addStore(certificateStore);
return this; return this;
} }
public ConsumerOptions addVerificationOfDetachedSignatures(InputStream signatureInputStream) throws IOException, PGPException { /**
* Add some detached signatures from the given {@link InputStream} for verification.
*
* @param signatureInputStream input stream of detached signatures
* @return options
*
* @throws IOException in case of an IO error
* @throws PGPException in case of an OpenPGP error
*/
public ConsumerOptions addVerificationOfDetachedSignatures(InputStream signatureInputStream)
throws IOException, PGPException {
List<PGPSignature> signatures = SignatureUtils.readSignatures(signatureInputStream); List<PGPSignature> signatures = SignatureUtils.readSignatures(signatureInputStream);
return addVerificationOfDetachedSignatures(signatures); return addVerificationOfDetachedSignatures(signatures);
} }
/**
* Add some detached signatures for verification.
*
* @param detachedSignatures detached signatures
* @return options
*/
public ConsumerOptions addVerificationOfDetachedSignatures(List<PGPSignature> detachedSignatures) { public ConsumerOptions addVerificationOfDetachedSignatures(List<PGPSignature> detachedSignatures) {
for (PGPSignature signature : detachedSignatures) { for (PGPSignature signature : detachedSignatures) {
addVerificationOfDetachedSignature(signature); addVerificationOfDetachedSignature(signature);
@ -211,14 +233,15 @@ public class ConsumerOptions {
} }
/** /**
* Add a key for message decryption. If the key is encrypted, the {@link SecretKeyRingProtector} is used to decrypt it * Add a key for message decryption. If the key is encrypted, the {@link SecretKeyRingProtector}
* when needed. * is used to decrypt it when needed.
* *
* @param key key * @param key key
* @param keyRingProtector protector for the secret key * @param keyRingProtector protector for the secret key
* @return options * @return options
*/ */
public ConsumerOptions addDecryptionKey(@Nonnull PGPSecretKeyRing key, @Nonnull SecretKeyRingProtector keyRingProtector) { public ConsumerOptions addDecryptionKey(@Nonnull PGPSecretKeyRing key,
@Nonnull SecretKeyRingProtector keyRingProtector) {
decryptionKeys.put(key, keyRingProtector); decryptionKeys.put(key, keyRingProtector);
return this; return this;
} }
@ -230,7 +253,8 @@ public class ConsumerOptions {
* @param keyRingProtector protector for encrypted secret keys * @param keyRingProtector protector for encrypted secret keys
* @return options * @return options
*/ */
public ConsumerOptions addDecryptionKeys(@Nonnull PGPSecretKeyRingCollection keys, @Nonnull SecretKeyRingProtector keyRingProtector) { public ConsumerOptions addDecryptionKeys(@Nonnull PGPSecretKeyRingCollection keys,
@Nonnull SecretKeyRingProtector keyRingProtector) {
for (PGPSecretKeyRing key : keys) { for (PGPSecretKeyRing key : keys) {
addDecryptionKey(key, keyRingProtector); addDecryptionKey(key, keyRingProtector);
} }
@ -264,14 +288,31 @@ public class ConsumerOptions {
return this; return this;
} }
/**
* Return the custom {@link PublicKeyDataDecryptorFactory PublicKeyDataDecryptorFactories} that were
* set by the user.
* These factories can be used to decrypt session keys using a custom logic.
*
* @return custom decryptor factories
*/
Map<SubkeyIdentifier, PublicKeyDataDecryptorFactory> getCustomDecryptorFactories() { Map<SubkeyIdentifier, PublicKeyDataDecryptorFactory> getCustomDecryptorFactories() {
return new HashMap<>(customPublicKeyDataDecryptorFactories); return new HashMap<>(customPublicKeyDataDecryptorFactories);
} }
/**
* Return the set of available decryption keys.
*
* @return decryption keys
*/
public @Nonnull Set<PGPSecretKeyRing> getDecryptionKeys() { public @Nonnull Set<PGPSecretKeyRing> getDecryptionKeys() {
return Collections.unmodifiableSet(decryptionKeys.keySet()); return Collections.unmodifiableSet(decryptionKeys.keySet());
} }
/**
* Return the set of available message decryption passphrases.
*
* @return decryption passphrases
*/
public @Nonnull Set<Passphrase> getDecryptionPassphrases() { public @Nonnull Set<Passphrase> getDecryptionPassphrases() {
return Collections.unmodifiableSet(decryptionPassphrases); return Collections.unmodifiableSet(decryptionPassphrases);
} }
@ -287,18 +328,40 @@ public class ConsumerOptions {
return certificates.getExplicitCertificates(); return certificates.getExplicitCertificates();
} }
/**
* Return an object holding available certificates for signature verification.
*
* @return certificate source
*/
public @Nonnull CertificateSource getCertificateSource() { public @Nonnull CertificateSource getCertificateSource() {
return certificates; return certificates;
} }
/**
* Return the callback that gets called when a certificate for signature verification is missing.
* This method might return <pre>null</pre> if the users hasn't set a callback.
*
* @return missing public key callback
*/
public @Nullable MissingPublicKeyCallback getMissingCertificateCallback() { public @Nullable MissingPublicKeyCallback getMissingCertificateCallback() {
return missingCertificateCallback; return missingCertificateCallback;
} }
/**
* Return the {@link SecretKeyRingProtector} for the given {@link PGPSecretKeyRing}.
*
* @param decryptionKeyRing secret key
* @return protector for that particular secret key
*/
public @Nonnull SecretKeyRingProtector getSecretKeyProtector(PGPSecretKeyRing decryptionKeyRing) { public @Nonnull SecretKeyRingProtector getSecretKeyProtector(PGPSecretKeyRing decryptionKeyRing) {
return decryptionKeys.get(decryptionKeyRing); return decryptionKeys.get(decryptionKeyRing);
} }
/**
* Return the set of detached signatures the user provided.
*
* @return detached signatures
*/
public @Nonnull Set<PGPSignature> getDetachedSignatures() { public @Nonnull Set<PGPSignature> getDetachedSignatures() {
return Collections.unmodifiableSet(detachedSignatures); return Collections.unmodifiableSet(detachedSignatures);
} }
@ -307,12 +370,14 @@ public class ConsumerOptions {
* By default, PGPainless will require encrypted messages to make use of SEIP data packets. * By default, PGPainless will require encrypted messages to make use of SEIP data packets.
* Those are Symmetrically Encrypted Integrity Protected Data packets. * Those are Symmetrically Encrypted Integrity Protected Data packets.
* Symmetrically Encrypted Data Packets without integrity protection are rejected by default. * Symmetrically Encrypted Data Packets without integrity protection are rejected by default.
* Furthermore, PGPainless will throw an exception if verification of the MDC error detection code of the SEIP packet * Furthermore, PGPainless will throw an exception if verification of the MDC error detection
* fails. * code of the SEIP packet fails.
* *
* Failure of MDC verification indicates a tampered ciphertext, which might be the cause of an attack or data corruption. * Failure of MDC verification indicates a tampered ciphertext, which might be the cause of an
* attack or data corruption.
* *
* This method can be used to ignore MDC errors and allow PGPainless to consume encrypted data without integrity protection. * This method can be used to ignore MDC errors and allow PGPainless to consume encrypted data
* without integrity protection.
* If the flag <pre>ignoreMDCErrors</pre> is set to true, PGPainless will * If the flag <pre>ignoreMDCErrors</pre> is set to true, PGPainless will
* <ul> * <ul>
* <li>not throw exceptions for SEIP packets with tampered ciphertext</li> * <li>not throw exceptions for SEIP packets with tampered ciphertext</li>
@ -323,7 +388,8 @@ public class ConsumerOptions {
* *
* It will however still throw an exception if it encounters a SEIP packet with missing or truncated MDC * It will however still throw an exception if it encounters a SEIP packet with missing or truncated MDC
* *
* @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.13">Sym. Encrypted Integrity Protected Data Packet</a> * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.13">
* Sym. Encrypted Integrity Protected Data Packet</a>
* @param ignoreMDCErrors true if MDC errors or missing MDCs shall be ignored, false otherwise. * @param ignoreMDCErrors true if MDC errors or missing MDCs shall be ignored, false otherwise.
* @return options * @return options
*/ */
@ -353,6 +419,11 @@ public class ConsumerOptions {
return this; return this;
} }
/**
* Return true, if the ciphertext should be handled as binary non-OpenPGP data.
*
* @return true if non-OpenPGP data is forced
*/
boolean isForceNonOpenPgpData() { boolean isForceNonOpenPgpData() {
return forceNonOpenPgpData; return forceNonOpenPgpData;
} }
@ -407,6 +478,10 @@ public class ConsumerOptions {
return multiPassStrategy; return multiPassStrategy;
} }
/**
* Source for OpenPGP certificates.
* When verifying signatures on a message, this object holds available signer certificates.
*/
public static class CertificateSource { public static class CertificateSource {
private List<PGPCertificateStore> stores = new ArrayList<>(); private List<PGPCertificateStore> stores = new ArrayList<>();