diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilder.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilder.java index 25e76057..26b49a03 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilder.java +++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilder.java @@ -17,43 +17,13 @@ package org.pgpainless.decryption_verification; import java.io.IOException; import java.io.InputStream; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; import javax.annotation.Nonnull; -import org.bouncycastle.bcpg.MarkerPacket; -import org.bouncycastle.openpgp.PGPCompressedData; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPObjectFactory; -import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; -import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; -import org.bouncycastle.openpgp.PGPSignature; -import org.bouncycastle.openpgp.PGPSignatureList; -import org.bouncycastle.openpgp.PGPUtil; -import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator; -import org.pgpainless.implementation.ImplementationFactory; -import org.pgpainless.key.OpenPgpV4Fingerprint; -import org.pgpainless.key.protection.SecretKeyRingProtector; -import org.pgpainless.util.Passphrase; public class DecryptionBuilder implements DecryptionBuilderInterface { private InputStream inputStream; - private PGPSecretKeyRingCollection decryptionKeys; - private SecretKeyRingProtector decryptionKeyDecryptor; - private Passphrase decryptionPassphrase; - private List detachedSignatures; - private Set verificationKeys = new HashSet<>(); - private MissingPublicKeyCallback missingPublicKeyCallback = null; - - private final KeyFingerPrintCalculator keyFingerPrintCalculator = - ImplementationFactory.getInstance().getKeyFingerprintCalculator(); @Override public DecryptWith onInputStream(@Nonnull InputStream inputStream) { @@ -71,184 +41,5 @@ public class DecryptionBuilder implements DecryptionBuilderInterface { return DecryptionStreamFactory.create(inputStream, consumerOptions); } - - @Override - public Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRingCollection secretKeyRings) { - DecryptionBuilder.this.decryptionKeys = secretKeyRings; - DecryptionBuilder.this.decryptionKeyDecryptor = decryptor; - return new VerifyImpl(); - } - - @Override - public Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRing secretKeyRing) throws PGPException, IOException { - DecryptionBuilder.this.decryptionKeys = new PGPSecretKeyRingCollection(Collections.singleton(secretKeyRing)); - DecryptionBuilder.this.decryptionKeyDecryptor = decryptor; - return new VerifyImpl(); - } - - @Override - public Verify decryptWith(@Nonnull Passphrase passphrase) { - if (passphrase.isEmpty()) { - throw new IllegalArgumentException("Passphrase MUST NOT be empty."); - } - DecryptionBuilder.this.decryptionPassphrase = passphrase; - return new VerifyImpl(); - } - - @Override - public Verify doNotDecrypt() { - DecryptionBuilder.this.decryptionKeys = null; - DecryptionBuilder.this.decryptionKeyDecryptor = null; - return new VerifyImpl(); - } - } - - class VerifyImpl implements Verify { - - @Override - public VerifyWith verifyDetachedSignature(@Nonnull InputStream inputStream) throws IOException, PGPException { - List signatures = new ArrayList<>(); - InputStream pgpIn = PGPUtil.getDecoderStream(inputStream); - PGPObjectFactory objectFactory = new PGPObjectFactory( - pgpIn, keyFingerPrintCalculator); - Object nextObject = objectFactory.nextObject(); - while (nextObject != null) { - if (nextObject instanceof MarkerPacket) { - nextObject = objectFactory.nextObject(); - continue; - } - if (nextObject instanceof PGPCompressedData) { - PGPCompressedData compressedData = (PGPCompressedData) nextObject; - objectFactory = new PGPObjectFactory(compressedData.getDataStream(), keyFingerPrintCalculator); - nextObject = objectFactory.nextObject(); - continue; - } - if (nextObject instanceof PGPSignatureList) { - PGPSignatureList signatureList = (PGPSignatureList) nextObject; - for (PGPSignature s : signatureList) { - signatures.add(s); - } - } - if (nextObject instanceof PGPSignature) { - signatures.add((PGPSignature) nextObject); - } - nextObject = objectFactory.nextObject(); - } - pgpIn.close(); - return verifyDetachedSignatures(signatures); - } - - @Override - public VerifyWith verifyDetachedSignatures(@Nonnull List signatures) { - DecryptionBuilder.this.detachedSignatures = signatures; - return new VerifyWithImpl(); - } - - @Override - public HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRings) { - return new VerifyWithImpl().verifyWith(publicKeyRings); - } - - @Override - public HandleMissingPublicKeys verifyWith(@Nonnull Set trustedFingerprints, - @Nonnull PGPPublicKeyRingCollection publicKeyRings) { - return new VerifyWithImpl().verifyWith(trustedFingerprints, publicKeyRings); - } - - @Override - public HandleMissingPublicKeys verifyWith(@Nonnull Set publicKeyRings) { - return new VerifyWithImpl().verifyWith(publicKeyRings); - } - - @Override - public Build doNotVerify() { - DecryptionBuilder.this.verificationKeys = null; - return new BuildImpl(); - } - } - - class VerifyWithImpl implements VerifyWith { - - @Override - public HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRingCollection) { - Set publicKeyRings = new HashSet<>(); - for (Iterator i = publicKeyRingCollection.getKeyRings(); i.hasNext(); ) { - publicKeyRings.add(i.next()); - } - return verifyWith(publicKeyRings); - } - - @Override - public HandleMissingPublicKeys verifyWith(@Nonnull Set trustedKeyIds, - @Nonnull PGPPublicKeyRingCollection publicKeyRingCollection) { - Set publicKeyRings = keyRingCollectionToSet(publicKeyRingCollection); - removeUntrustedPublicKeys(publicKeyRings, trustedKeyIds); - return verifyWith(publicKeyRings); - } - - private void removeUntrustedPublicKeys(Set publicKeyRings, Set trustedKeyIds) { - for (PGPPublicKeyRing p : new HashSet<>(publicKeyRings)) { - if (!trustedKeyIds.contains(new OpenPgpV4Fingerprint(p))) { - publicKeyRings.remove(p); - } - } - } - - private Set keyRingCollectionToSet(PGPPublicKeyRingCollection publicKeyRingCollection) { - Set publicKeyRings = new HashSet<>(); - for (Iterator i = publicKeyRingCollection.getKeyRings(); i.hasNext(); ) { - publicKeyRings.add(i.next()); - } - return publicKeyRings; - } - - @Override - public HandleMissingPublicKeys verifyWith(@Nonnull Set publicKeyRings) { - DecryptionBuilder.this.verificationKeys = publicKeyRings; - return new HandleMissingPublicKeysImpl(); - } - } - - class HandleMissingPublicKeysImpl implements HandleMissingPublicKeys { - - @Override - public Build handleMissingPublicKeysWith(@Nonnull MissingPublicKeyCallback callback) { - DecryptionBuilder.this.missingPublicKeyCallback = callback; - return new BuildImpl(); - } - - @Override - public Build ignoreMissingPublicKeys() { - DecryptionBuilder.this.missingPublicKeyCallback = null; - return new BuildImpl(); - } - } - - class BuildImpl implements Build { - - @Override - public DecryptionStream build() throws IOException, PGPException { - ConsumerOptions options = new ConsumerOptions(); - - for (PGPSecretKeyRing decryptionKey : (decryptionKeys != null ? decryptionKeys : Collections.emptyList())) { - options.addDecryptionKey(decryptionKey, decryptionKeyDecryptor); - } - - for (PGPPublicKeyRing certificate : (verificationKeys != null ? verificationKeys : Collections.emptyList())) { - options.addVerificationCert(certificate); - } - - for (PGPSignature detachedSignature : (detachedSignatures != null ? detachedSignatures : Collections.emptyList())) { - options.addVerificationOfDetachedSignature(detachedSignature); - } - - options.setMissingCertificateCallback(missingPublicKeyCallback); - - if (decryptionPassphrase != null) { - options.addDecryptionPassphrase(decryptionPassphrase); - } - - return DecryptionStreamFactory.create(inputStream, options); - } } } diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilderInterface.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilderInterface.java index 0b9a89e5..4d5e1905 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilderInterface.java +++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionBuilderInterface.java @@ -15,24 +15,11 @@ */ package org.pgpainless.decryption_verification; -import javax.annotation.Nonnull; -import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.util.Collections; -import java.util.List; -import java.util.Set; +import javax.annotation.Nonnull; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; -import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; -import org.bouncycastle.openpgp.PGPSignature; -import org.pgpainless.key.OpenPgpV4Fingerprint; -import org.pgpainless.key.protection.SecretKeyRingProtector; -import org.pgpainless.key.protection.UnprotectedKeysProtector; -import org.pgpainless.util.Passphrase; public interface DecryptionBuilderInterface { @@ -56,291 +43,5 @@ public interface DecryptionBuilderInterface { */ DecryptionStream withOptions(ConsumerOptions consumerOptions) throws PGPException, IOException; - /** - * Decrypt the encrypted data using the secret keys found in the provided {@link PGPSecretKeyRingCollection}. - * Here it is assumed that the secret keys are not password protected. - * For password protected secret keys use {@link #decryptWith(SecretKeyRingProtector, PGPSecretKeyRingCollection)} - * and pass in a {@link org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector}. - * - * @param secretKeyRings secret keys - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addDecryptionKey(PGPSecretKeyRing, SecretKeyRingProtector)} - * ({@link #withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - default Verify decryptWith(@Nonnull PGPSecretKeyRingCollection secretKeyRings) { - return decryptWith(new UnprotectedKeysProtector(), secretKeyRings); - } - - /** - * Decrypt the encrypted data using the secret keys found in the provided {@link PGPSecretKeyRingCollection}. - * The secret keys are being unlocked by the provided {@link SecretKeyRingProtector}. - * - * @param decryptor for unlocking locked secret keys - * @param secretKeyRings secret keys - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addDecryptionKey(PGPSecretKeyRing, SecretKeyRingProtector)} - * ({@link #withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRingCollection secretKeyRings); - - /** - * Decrypt the encrypted data using the provided {@link PGPSecretKeyRing}. - * The secret key is unlocked by the provided {@link SecretKeyRingProtector}. - * - * @param decryptor for unlocking locked secret key - * @param secretKeyRing secret key - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addDecryptionKey(PGPSecretKeyRing, SecretKeyRingProtector)} - * ({@link #withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - Verify decryptWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRing secretKeyRing) - throws PGPException, IOException; - - /** - * Decrypt the encrypted data using a passphrase. - * Note: The passphrase MUST NOT be empty. - * - * @param passphrase passphrase - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addDecryptionPassphrase(Passphrase)} - * ({@link #withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - Verify decryptWith(@Nonnull Passphrase passphrase); - - /** - * Do not attempt to decrypt the provided data. - * Useful for signature verification of signed-only data. - * - * @return api handle - * - * @deprecated use {@link #withOptions(ConsumerOptions)} instead and set no decryption keys. - */ - @Deprecated - Verify doNotDecrypt(); - } - - @Deprecated - interface Verify extends VerifyWith { - - @Override - @Deprecated - HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRings); - - @Override - @Deprecated - default HandleMissingPublicKeys verifyWith(@Nonnull OpenPgpV4Fingerprint trustedFingerprint, - @Nonnull PGPPublicKeyRingCollection publicKeyRings) { - return verifyWith(Collections.singleton(trustedFingerprint), publicKeyRings); - } - - @Override - @Deprecated - HandleMissingPublicKeys verifyWith(@Nonnull Set trustedFingerprints, - @Nonnull PGPPublicKeyRingCollection publicKeyRings); - - @Override - @Deprecated - default HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRing publicKeyRing) { - return verifyWith(Collections.singleton(publicKeyRing)); - } - - @Override - @Deprecated - HandleMissingPublicKeys verifyWith(@Nonnull Set publicKeyRings); - - /** - * Pass in one or more detached signatures to verify. - * - * @param bytes detached signatures (ascii armored or binary). - * @return api handle - * @throws IOException if some IO error occurs - * @throws PGPException if the detached signatures are malformed - * - * @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - default VerifyWith verifyDetachedSignature(@Nonnull byte[] bytes) throws IOException, PGPException { - return verifyDetachedSignature(new ByteArrayInputStream(bytes)); - } - - /** - * Pass in one or more detached signatures to verify. - * - * @param inputStream detached signature (ascii armored or binary). - * @return api handle - * @throws IOException in case something is wrong with the input stream - * @throws PGPException if the detached signatures are malformed - * - * @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - VerifyWith verifyDetachedSignature(@Nonnull InputStream inputStream) throws IOException, PGPException; - - /** - * Pass in a detached signature to verify. - * - * @param signature detached signature - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - default VerifyWith verifyDetachedSignature(@Nonnull PGPSignature signature) { - return verifyDetachedSignatures(Collections.singletonList(signature)); - } - - /** - * Pass in a list of detached signatures to verify. - * - * @param signatures detached signatures - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addVerificationOfDetachedSignature(PGPSignature)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - VerifyWith verifyDetachedSignatures(@Nonnull List signatures); - - /** - * Instruct the {@link DecryptionStream} to not verify any signatures. - * - * @return api handle - * - * @deprecated use {@link DecryptWith#withOptions(ConsumerOptions)} instead and don't set verification keys. - */ - @Deprecated - Build doNotVerify(); - } - - @Deprecated - interface VerifyWith { - - /** - * Pass in a collection of public keys to verify the signatures with. - * - * @param publicKeyRings public keys - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addVerificationCerts(PGPPublicKeyRingCollection)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRingCollection publicKeyRings); - - /** - * Pass in a collection of public keys along with the fingerprint of the key that shall be used to - * verify the signatures. - * - * @param trustedFingerprint {@link OpenPgpV4Fingerprint} of the public key that shall be used to verify the signatures. - * @param publicKeyRings public keys - * @return api handle - * @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - default HandleMissingPublicKeys verifyWith(@Nonnull OpenPgpV4Fingerprint trustedFingerprint, - @Nonnull PGPPublicKeyRingCollection publicKeyRings) { - return verifyWith(Collections.singleton(trustedFingerprint), publicKeyRings); - } - - /** - * Pass in a collection of public keys along with a set of fingerprints of those keys that shall be used to - * verify the signatures. - * - * @param trustedFingerprints set of trusted {@link OpenPgpV4Fingerprint OpenPgpV4Fingerprints}. - * @param publicKeyRings public keys - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - HandleMissingPublicKeys verifyWith(@Nonnull Set trustedFingerprints, - @Nonnull PGPPublicKeyRingCollection publicKeyRings); - - /** - * Pass in a trusted public key ring to verify the signature with. - * - * @param publicKeyRing public key - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - default HandleMissingPublicKeys verifyWith(@Nonnull PGPPublicKeyRing publicKeyRing) { - return verifyWith(Collections.singleton(publicKeyRing)); - } - - /** - * Pass in a set of trusted public keys to verify the signatures with. - * - * @param publicKeyRings public keys - * @return api handle - * - * @deprecated use {@link ConsumerOptions#addVerificationCert(PGPPublicKeyRing)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - HandleMissingPublicKeys verifyWith(@Nonnull Set publicKeyRings); - - } - - @Deprecated - interface HandleMissingPublicKeys { - - /** - * Pass in a callback that can is used to request missing public keys. - * - * @param callback callback - * @return api handle - * - * @deprecated use {@link ConsumerOptions#setMissingCertificateCallback(MissingPublicKeyCallback)} - * ({@link DecryptWith#withOptions(ConsumerOptions)}) instead. - */ - @Deprecated - Build handleMissingPublicKeysWith(@Nonnull MissingPublicKeyCallback callback); - - /** - * Instruct the {@link DecryptionStream} to ignore any missing public keys. - * - * @return api handle - * - * @deprecated simply do not set a {@link MissingPublicKeyCallback} and use - * {@link DecryptWith#withOptions(ConsumerOptions)} instead. - */ - @Deprecated - Build ignoreMissingPublicKeys(); - } - - @Deprecated - interface Build { - - /** - * Build the configured {@link DecryptionStream}. - * - * @return the decryption stream - * @throws IOException in case of an I/O error - * @throws PGPException if something is malformed - * @throws org.pgpainless.exception.UnacceptableAlgorithmException if the message uses weak/unacceptable algorithms - * - * @deprecated use {@link DecryptWith#withOptions(ConsumerOptions)} instead. - */ - @Deprecated - DecryptionStream build() throws IOException, PGPException; - - } - }