1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-29 15:52:08 +01:00

Refactor EncryptionStream

This commit is contained in:
Paul Schaub 2020-01-10 15:43:22 +01:00
parent 530a22ba0e
commit ad070d0c34
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -21,7 +21,6 @@ import java.io.OutputStream;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.Date; import java.util.Date;
import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
@ -57,22 +56,26 @@ public final class EncryptionStream extends OutputStream {
private static final int BUFFER_SIZE = 1 << 8; private static final int BUFFER_SIZE = 1 << 8;
private final SymmetricKeyAlgorithm symmetricKeyAlgorithm;
private final HashAlgorithm hashAlgorithm;
private final CompressionAlgorithm compressionAlgorithm;
private final Set<PGPPublicKey> encryptionKeys;
private final Set<PGPPrivateKey> signingKeys;
private final boolean asciiArmor;
private final OpenPgpMetadata.Builder resultBuilder = OpenPgpMetadata.getBuilder(); private final OpenPgpMetadata.Builder resultBuilder = OpenPgpMetadata.getBuilder();
private List<PGPSignatureGenerator> signatureGenerators = new ArrayList<>(); private List<PGPSignatureGenerator> signatureGenerators = new ArrayList<>();
private boolean closed = false; private boolean closed = false;
// ASCII Armor OutputStream outermostStream = null;
private ArmoredOutputStream armorOutputStream = null;
// Public Key Encryption of Symmetric Session Key private ArmoredOutputStream armorOutputStream = null;
private OutputStream publicKeyEncryptedStream = null; private OutputStream publicKeyEncryptedStream = null;
// Data Compression
private PGPCompressedDataGenerator compressedDataGenerator; private PGPCompressedDataGenerator compressedDataGenerator;
private BCPGOutputStream basicCompressionStream; private BCPGOutputStream basicCompressionStream;
// Literal Data
private PGPLiteralDataGenerator literalDataGenerator; private PGPLiteralDataGenerator literalDataGenerator;
private OutputStream literalDataStream; private OutputStream literalDataStream;
@ -85,68 +88,93 @@ public final class EncryptionStream extends OutputStream {
boolean asciiArmor) boolean asciiArmor)
throws IOException, PGPException { throws IOException, PGPException {
// Currently outermost Stream this.symmetricKeyAlgorithm = symmetricKeyAlgorithm;
OutputStream outerMostStream; this.hashAlgorithm = hashAlgorithm;
if (asciiArmor) { this.compressionAlgorithm = compressionAlgorithm;
LOGGER.log(LEVEL, "Wrap encryption output in ASCII armor"); this.encryptionKeys = Collections.unmodifiableSet(encryptionKeys);
armorOutputStream = new ArmoredOutputStream(targetOutputStream); this.signingKeys = Collections.unmodifiableSet(signingKeys);
outerMostStream = armorOutputStream; this.asciiArmor = asciiArmor;
} else {
outermostStream = targetOutputStream;
prepareArmor();
prepareEncryption();
prepareSigning();
prepareCompression();
prepareOnePassSignatures();
prepareLiteralDataProcessing();
prepareResultBuilder();
}
private void prepareArmor() {
if (!asciiArmor) {
LOGGER.log(LEVEL, "Encryption output will be binary"); LOGGER.log(LEVEL, "Encryption output will be binary");
outerMostStream = targetOutputStream; return;
} }
// If we want to encrypt LOGGER.log(LEVEL, "Wrap encryption output in ASCII armor");
if (!encryptionKeys.isEmpty()) { armorOutputStream = new ArmoredOutputStream(outermostStream);
LOGGER.log(LEVEL, "At least one encryption key is available -> encrypt using " + symmetricKeyAlgorithm); outermostStream = armorOutputStream;
BcPGPDataEncryptorBuilder dataEncryptorBuilder = }
new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm.getAlgorithmId());
LOGGER.log(LEVEL, "Integrity protection enabled"); private void prepareEncryption() throws IOException, PGPException {
dataEncryptorBuilder.setWithIntegrityPacket(true); if (encryptionKeys.isEmpty()) {
return;
PGPEncryptedDataGenerator encryptedDataGenerator =
new PGPEncryptedDataGenerator(dataEncryptorBuilder);
for (PGPPublicKey key : encryptionKeys) {
LOGGER.log(LEVEL, "Encrypt for key " + Long.toHexString(key.getKeyID()));
encryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(key));
}
publicKeyEncryptedStream = encryptedDataGenerator.open(outerMostStream, new byte[BUFFER_SIZE]);
outerMostStream = publicKeyEncryptedStream;
} }
// If we want to sign, prepare for signing LOGGER.log(LEVEL, "At least one encryption key is available -> encrypt using " + symmetricKeyAlgorithm);
if (!signingKeys.isEmpty()) { BcPGPDataEncryptorBuilder dataEncryptorBuilder =
LOGGER.log(LEVEL, "At least one signing key is available -> sign " + hashAlgorithm + " hash of message"); new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm.getAlgorithmId());
for (PGPPrivateKey privateKey : signingKeys) {
LOGGER.log(LEVEL, "Sign using key " + Long.toHexString(privateKey.getKeyID()));
BcPGPContentSignerBuilder contentSignerBuilder = new BcPGPContentSignerBuilder(
privateKey.getPublicKeyPacket().getAlgorithm(), hashAlgorithm.getAlgorithmId());
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder); dataEncryptorBuilder.setWithIntegrityPacket(true);
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey); PGPEncryptedDataGenerator encryptedDataGenerator =
signatureGenerators.add(signatureGenerator); new PGPEncryptedDataGenerator(dataEncryptorBuilder);
}
for (PGPPublicKey key : encryptionKeys) {
LOGGER.log(LEVEL, "Encrypt for key " + Long.toHexString(key.getKeyID()));
encryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(key));
} }
publicKeyEncryptedStream = encryptedDataGenerator.open(outermostStream, new byte[BUFFER_SIZE]);
outermostStream = publicKeyEncryptedStream;
}
private void prepareSigning() throws PGPException {
if (signingKeys.isEmpty()) {
return;
}
LOGGER.log(LEVEL, "At least one signing key is available -> sign " + hashAlgorithm + " hash of message");
for (PGPPrivateKey privateKey : signingKeys) {
LOGGER.log(LEVEL, "Sign using key " + Long.toHexString(privateKey.getKeyID()));
BcPGPContentSignerBuilder contentSignerBuilder = new BcPGPContentSignerBuilder(
privateKey.getPublicKeyPacket().getAlgorithm(), hashAlgorithm.getAlgorithmId());
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
signatureGenerators.add(signatureGenerator);
}
}
private void prepareCompression() throws IOException {
LOGGER.log(LEVEL, "Compress using " + compressionAlgorithm); LOGGER.log(LEVEL, "Compress using " + compressionAlgorithm);
// Compression
compressedDataGenerator = new PGPCompressedDataGenerator( compressedDataGenerator = new PGPCompressedDataGenerator(
compressionAlgorithm.getAlgorithmId()); compressionAlgorithm.getAlgorithmId());
basicCompressionStream = new BCPGOutputStream(compressedDataGenerator.open(outerMostStream)); basicCompressionStream = new BCPGOutputStream(compressedDataGenerator.open(outermostStream));
}
// If we want to sign, sign! private void prepareOnePassSignatures() throws IOException, PGPException {
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) { for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
signatureGenerator.generateOnePassVersion(false).encode(basicCompressionStream); signatureGenerator.generateOnePassVersion(false).encode(basicCompressionStream);
} }
}
private void prepareLiteralDataProcessing() throws IOException {
literalDataGenerator = new PGPLiteralDataGenerator(); literalDataGenerator = new PGPLiteralDataGenerator();
literalDataStream = literalDataGenerator.open(basicCompressionStream, literalDataStream = literalDataGenerator.open(basicCompressionStream,
PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, new Date(), new byte[BUFFER_SIZE]); PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, new Date(), new byte[BUFFER_SIZE]);
}
// Prepare result private void prepareResultBuilder() {
for (PGPPublicKey recipient : encryptionKeys) { for (PGPPublicKey recipient : encryptionKeys) {
resultBuilder.addRecipientKeyId(recipient.getKeyID()); resultBuilder.addRecipientKeyId(recipient.getKeyID());
} }
@ -185,40 +213,44 @@ public final class EncryptionStream extends OutputStream {
@Override @Override
public void close() throws IOException { public void close() throws IOException {
if (!closed) { if (closed) {
return;
}
// Literal Data // Literal Data
literalDataStream.flush(); literalDataStream.flush();
literalDataStream.close(); literalDataStream.close();
literalDataGenerator.close(); literalDataGenerator.close();
// Signing writeSignatures();
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
try { // Compressed Data
PGPSignature signature = signatureGenerator.generate(); compressedDataGenerator.close();
signature.encode(basicCompressionStream);
resultBuilder.addSignature(signature); // Public Key Encryption
resultBuilder.addUnverifiedSignatureKeyId(signature.getKeyID()); if (publicKeyEncryptedStream != null) {
} catch (PGPException e) { publicKeyEncryptedStream.flush();
throw new IOException(e); publicKeyEncryptedStream.close();
} }
// Armor
if (armorOutputStream != null) {
armorOutputStream.flush();
armorOutputStream.close();
}
closed = true;
}
private void writeSignatures() throws IOException {
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
try {
PGPSignature signature = signatureGenerator.generate();
signature.encode(basicCompressionStream);
resultBuilder.addSignature(signature);
resultBuilder.addUnverifiedSignatureKeyId(signature.getKeyID());
} catch (PGPException e) {
throw new IOException(e);
} }
// Compressed Data
compressedDataGenerator.close();
// Public Key Encryption
if (publicKeyEncryptedStream != null) {
publicKeyEncryptedStream.flush();
publicKeyEncryptedStream.close();
}
// Armor
if (armorOutputStream != null) {
armorOutputStream.flush();
armorOutputStream.close();
}
closed = true;
} }
} }