Remove deprecated decryption API code

Paul Schaub 2021-06-29 15:24:53 +02:00
parent 42aed70719
commit ab347dab43
2 changed files with 1 additions and 509 deletions


@ -17,43 +17,13 @@ package org.pgpainless.decryption_verification;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import org.bouncycastle.bcpg.MarkerPacket;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.util.Passphrase;
public class DecryptionBuilder implements DecryptionBuilderInterface {
private InputStream inputStream;
private PGPSecretKeyRingCollection decryptionKeys;
private SecretKeyRingProtector decryptionKeyDecryptor;
private Passphrase decryptionPassphrase;
private List<PGPSignature> detachedSignatures;
private Set<PGPPublicKeyRing> verificationKeys = new HashSet<>();
private MissingPublicKeyCallback missingPublicKeyCallback = null;
private final KeyFingerPrintCalculator keyFingerPrintCalculator =
ImplementationFactory.getInstance().getKeyFingerprintCalculator();
@Override
public DecryptWith onInputStream(@Nonnull InputStream inputStream) {
@ -71,184 +41,5 @@ public class DecryptionBuilder implements DecryptionBuilderInterface {
return DecryptionStreamFactory.create(inputStream, consumerOptions);
}
@Override
public Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRingCollection secretKeyRings) {
DecryptionBuilder.this.decryptionKeys = secretKeyRings;
DecryptionBuilder.this.decryptionKeyDecryptor = decryptor;
return new VerifyImpl();
}
@Override
public Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRing secretKeyRing) throws PGPException, IOException {
DecryptionBuilder.this.decryptionKeys = new PGPSecretKeyRingCollection(Collections.singleton(secretKeyRing));
DecryptionBuilder.this.decryptionKeyDecryptor = decryptor;
return new VerifyImpl();
}
@Override
public Verify decryptWith(@Nonnull Passphrase passphrase) {
if (passphrase.isEmpty()) {
throw new IllegalArgumentException("Passphrase MUST NOT be empty.");
}
DecryptionBuilder.this.decryptionPassphrase = passphrase;
return new VerifyImpl();
}
@Override
public Verify doNotDecrypt() {
DecryptionBuilder.this.decryptionKeys = null;
DecryptionBuilder.this.decryptionKeyDecryptor = null;
return new VerifyImpl();
}
}
class VerifyImpl implements Verify {
@Override
public VerifyWith verifyDetachedSignature(@Nonnull InputStream inputStream) throws IOException, PGPException {
List<PGPSignature> signatures = new ArrayList<>();
InputStream pgpIn = PGPUtil.getDecoderStream(inputStream);
PGPObjectFactory objectFactory = new PGPObjectFactory(
pgpIn, keyFingerPrintCalculator);
Object nextObject = objectFactory.nextObject();
while (nextObject != null) {
if (nextObject instanceof MarkerPacket) {
nextObject = objectFactory.nextObject();
continue;
}
if (nextObject instanceof PGPCompressedData) {
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
objectFactory = new PGPObjectFactory(compressedData.getDataStream(), keyFingerPrintCalculator);
nextObject = objectFactory.nextObject();
continue;
}
if (nextObject instanceof PGPSignatureList) {
PGPSignatureList signatureList = (PGPSignatureList) nextObject;
for (PGPSignature s : signatureList) {
signatures.add(s);
}
}
if (nextObject instanceof PGPSignature) {
signatures.add((PGPSignature) nextObject);
}
nextObject = objectFactory.nextObject();
}
pgpIn.close();
return verifyDetachedSignatures(signatures);
}
@Override
public VerifyWith verifyDetachedSignatures(@Nonnull List<PGPSignature> signatures) {
DecryptionBuilder.this.detachedSignatures = signatures;
return new VerifyWithImpl();
}
@Override
public HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRings) {
return new VerifyWithImpl().verifyWith(publicKeyRings);
}
@Override
public HandleMissingPublicKeys verifyWith(@Nonnull Set<OpenPgpV4Fingerprint> trustedFingerprints,
@Nonnull PGPPublicKeyRingCollection publicKeyRings) {
return new VerifyWithImpl().verifyWith(trustedFingerprints, publicKeyRings);
}
@Override
public HandleMissingPublicKeys verifyWith(@Nonnull Set<PGPPublicKeyRing> publicKeyRings) {
return new VerifyWithImpl().verifyWith(publicKeyRings);
}
@Override
public Build doNotVerify() {
DecryptionBuilder.this.verificationKeys = null;
return new BuildImpl();
}
}
class VerifyWithImpl implements VerifyWith {
@Override
public HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRingCollection) {
Set<PGPPublicKeyRing> publicKeyRings = new HashSet<>();
for (Iterator<PGPPublicKeyRing> i = publicKeyRingCollection.getKeyRings(); i.hasNext(); ) {
publicKeyRings.add(i.next());
}
return verifyWith(publicKeyRings);
}
@Override
public HandleMissingPublicKeys verifyWith(@Nonnull Set<OpenPgpV4Fingerprint> trustedKeyIds,
@Nonnull PGPPublicKeyRingCollection publicKeyRingCollection) {
Set<PGPPublicKeyRing> publicKeyRings = keyRingCollectionToSet(publicKeyRingCollection);
removeUntrustedPublicKeys(publicKeyRings, trustedKeyIds);
return verifyWith(publicKeyRings);
}
private void removeUntrustedPublicKeys(Set<PGPPublicKeyRing> publicKeyRings, Set<OpenPgpV4Fingerprint> trustedKeyIds) {
for (PGPPublicKeyRing p : new HashSet<>(publicKeyRings)) {
if (!trustedKeyIds.contains(new OpenPgpV4Fingerprint(p))) {
publicKeyRings.remove(p);
}
}
}
private Set<PGPPublicKeyRing> keyRingCollectionToSet(PGPPublicKeyRingCollection publicKeyRingCollection) {
Set<PGPPublicKeyRing> publicKeyRings = new HashSet<>();
for (Iterator<PGPPublicKeyRing> i = publicKeyRingCollection.getKeyRings(); i.hasNext(); ) {
publicKeyRings.add(i.next());
}
return publicKeyRings;
}
@Override
public HandleMissingPublicKeys verifyWith(@Nonnull Set<PGPPublicKeyRing> publicKeyRings) {
DecryptionBuilder.this.verificationKeys = publicKeyRings;
return new HandleMissingPublicKeysImpl();
}
}
class HandleMissingPublicKeysImpl implements HandleMissingPublicKeys {
@Override
public Build handleMissingPublicKeysWith(@Nonnull MissingPublicKeyCallback callback) {
DecryptionBuilder.this.missingPublicKeyCallback = callback;
return new BuildImpl();
}
@Override
public Build ignoreMissingPublicKeys() {
DecryptionBuilder.this.missingPublicKeyCallback = null;
return new BuildImpl();
}
}
class BuildImpl implements Build {
@Override
public DecryptionStream build() throws IOException, PGPException {
ConsumerOptions options = new ConsumerOptions();
for (PGPSecretKeyRing decryptionKey : (decryptionKeys != null ? decryptionKeys : Collections.<PGPSecretKeyRing>emptyList())) {
options.addDecryptionKey(decryptionKey, decryptionKeyDecryptor);
}
for (PGPPublicKeyRing certificate : (verificationKeys != null ? verificationKeys : Collections.<PGPPublicKeyRing>emptyList())) {
options.addVerificationCert(certificate);
}
for (PGPSignature detachedSignature : (detachedSignatures != null ? detachedSignatures : Collections.<PGPSignature>emptyList())) {
options.addVerificationOfDetachedSignature(detachedSignature);
}
options.setMissingCertificateCallback(missingPublicKeyCallback);
if (decryptionPassphrase != null) {
options.addDecryptionPassphrase(decryptionPassphrase);
}
return DecryptionStreamFactory.create(inputStream, options);
}
}
}


@ -15,24 +15,11 @@
*/
package org.pgpainless.decryption_verification;
import javax.annotation.Nonnull;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnprotectedKeysProtector;
import org.pgpainless.util.Passphrase;
public interface DecryptionBuilderInterface {
@ -56,291 +43,5 @@ public interface DecryptionBuilderInterface {
*/
DecryptionStream withOptions(ConsumerOptions consumerOptions) throws PGPException, IOException;
/**
* Decrypt the encrypted data using the secret keys found in the provided {@link PGPSecretKeyRingCollection}.
* Here it is assumed that the secret keys are not password protected.
* For password protected secret keys use {@link #decryptWith(SecretKeyRingProtector, PGPSecretKeyRingCollection)}
* and pass in a {@link org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector}.
*
* @param secretKeyRings secret keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addDecryptionKey(PGPSecretKeyRing, SecretKeyRingProtector)}
* ({@link #withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default Verify decryptWith(@Nonnull PGPSecretKeyRingCollection secretKeyRings) {
return decryptWith(new UnprotectedKeysProtector(), secretKeyRings);
}
/**
* Decrypt the encrypted data using the secret keys found in the provided {@link PGPSecretKeyRingCollection}.
* The secret keys are being unlocked by the provided {@link SecretKeyRingProtector}.
*
* @param decryptor for unlocking locked secret keys
* @param secretKeyRings secret keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addDecryptionKey(PGPSecretKeyRing, SecretKeyRingProtector)}
* ({@link #withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRingCollection secretKeyRings);
/**
* Decrypt the encrypted data using the provided {@link PGPSecretKeyRing}.
* The secret key is unlocked by the provided {@link SecretKeyRingProtector}.
*
* @param decryptor for unlocking locked secret key
* @param secretKeyRing secret key
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addDecryptionKey(PGPSecretKeyRing, SecretKeyRingProtector)}
* ({@link #withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRing secretKeyRing)
throws PGPException, IOException;
/**
* Decrypt the encrypted data using a passphrase.
* Note: The passphrase MUST NOT be empty.
*
* @param passphrase passphrase
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addDecryptionPassphrase(Passphrase)}
* ({@link #withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
Verify decryptWith(@Nonnull Passphrase passphrase);
/**
* Do not attempt to decrypt the provided data.
* Useful for signature verification of signed-only data.
*
* @return api handle
*
* @deprecated use {@link #withOptions(ConsumerOptions)} instead and set no decryption keys.
*/
@Deprecated
Verify doNotDecrypt();
}
@Deprecated
interface Verify extends VerifyWith {
@Override
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRings);
@Override
@Deprecated
default HandleMissingPublicKeys verifyWith(@Nonnull OpenPgpV4Fingerprint trustedFingerprint,
@Nonnull PGPPublicKeyRingCollection publicKeyRings) {
return verifyWith(Collections.singleton(trustedFingerprint), publicKeyRings);
}
@Override
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull Set<OpenPgpV4Fingerprint> trustedFingerprints,
@Nonnull PGPPublicKeyRingCollection publicKeyRings);
@Override
@Deprecated
default HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRing publicKeyRing) {
return verifyWith(Collections.singleton(publicKeyRing));
}
@Override
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull Set<PGPPublicKeyRing> publicKeyRings);
/**
* Pass in one or more detached signatures to verify.
*
* @param bytes detached signatures (ascii armored or binary).
* @return api handle
* @throws IOException if some IO error occurs
* @throws PGPException if the detached signatures are malformed
*
* @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default VerifyWith verifyDetachedSignature(@Nonnull byte[] bytes) throws IOException, PGPException {
return verifyDetachedSignature(new ByteArrayInputStream(bytes));
}
/**
* Pass in one or more detached signatures to verify.
*
* @param inputStream detached signature (ascii armored or binary).
* @return api handle
* @throws IOException in case something is wrong with the input stream
* @throws PGPException if the detached signatures are malformed
*
* @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
VerifyWith verifyDetachedSignature(@Nonnull InputStream inputStream) throws IOException, PGPException;
/**
* Pass in a detached signature to verify.
*
* @param signature detached signature
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default VerifyWith verifyDetachedSignature(@Nonnull PGPSignature signature) {
return verifyDetachedSignatures(Collections.singletonList(signature));
}
/**
* Pass in a list of detached signatures to verify.
*
* @param signatures detached signatures
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
VerifyWith verifyDetachedSignatures(@Nonnull List<PGPSignature> signatures);
/**
* Instruct the {@link DecryptionStream} to not verify any signatures.
*
* @return api handle
*
* @deprecated use {@link DecryptWith#withOptions(ConsumerOptions)} instead and don't set verification keys.
*/
@Deprecated
Build doNotVerify();
}
@Deprecated
interface VerifyWith {
/**
* Pass in a collection of public keys to verify the signatures with.
*
* @param publicKeyRings public keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationCerts(PGPPublicKeyRingCollection)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRings);
/**
* Pass in a collection of public keys along with the fingerprint of the key that shall be used to
* verify the signatures.
*
* @param trustedFingerprint {@link OpenPgpV4Fingerprint} of the public key that shall be used to verify the signatures.
* @param publicKeyRings public keys
* @return api handle
* @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default HandleMissingPublicKeys verifyWith(@Nonnull OpenPgpV4Fingerprint trustedFingerprint,
@Nonnull PGPPublicKeyRingCollection publicKeyRings) {
return verifyWith(Collections.singleton(trustedFingerprint), publicKeyRings);
}
/**
* Pass in a collection of public keys along with a set of fingerprints of those keys that shall be used to
* verify the signatures.
*
* @param trustedFingerprints set of trusted {@link OpenPgpV4Fingerprint OpenPgpV4Fingerprints}.
* @param publicKeyRings public keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull Set<OpenPgpV4Fingerprint> trustedFingerprints,
@Nonnull PGPPublicKeyRingCollection publicKeyRings);
/**
* Pass in a trusted public key ring to verify the signature with.
*
* @param publicKeyRing public key
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
default HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRing publicKeyRing) {
return verifyWith(Collections.singleton(publicKeyRing));
}
/**
* Pass in a set of trusted public keys to verify the signatures with.
*
* @param publicKeyRings public keys
* @return api handle
*
* @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
HandleMissingPublicKeys verifyWith(@Nonnull Set<PGPPublicKeyRing> publicKeyRings);
}
@Deprecated
interface HandleMissingPublicKeys {
/**
* Pass in a callback that can is used to request missing public keys.
*
* @param callback callback
* @return api handle
*
* @deprecated use {@link ConsumerOptions#setMissingCertificateCallback(MissingPublicKeyCallback)}
* ({@link DecryptWith#withOptions(ConsumerOptions)}) instead.
*/
@Deprecated
Build handleMissingPublicKeysWith(@Nonnull MissingPublicKeyCallback callback);
/**
* Instruct the {@link DecryptionStream} to ignore any missing public keys.
*
* @return api handle
*
* @deprecated simply do not set a {@link MissingPublicKeyCallback} and use
* {@link DecryptWith#withOptions(ConsumerOptions)} instead.
*/
@Deprecated
Build ignoreMissingPublicKeys();
}
@Deprecated
interface Build {
/**
* Build the configured {@link DecryptionStream}.
*
* @return the decryption stream
* @throws IOException in case of an I/O error
* @throws PGPException if something is malformed
* @throws org.pgpainless.exception.UnacceptableAlgorithmException if the message uses weak/unacceptable algorithms
*
* @deprecated use {@link DecryptWith#withOptions(ConsumerOptions)} instead.
*/
@Deprecated
DecryptionStream build() throws IOException, PGPException;
}
}