mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-26 06:12:06 +01:00
Refactor EncryptionStream
This commit is contained in:
parent
530a22ba0e
commit
ad070d0c34
GPG key ID:
62BEE9264BF17311
1 changed files with 110 additions and 78 deletions
|
|
@ -21,7 +21,6 @@ import java.io.OutputStream;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
|
|
@ -57,22 +56,26 @@ public final class EncryptionStream extends OutputStream {
|
||||||
|
|
||||||
private static final int BUFFER_SIZE = 1 << 8;
|
private static final int BUFFER_SIZE = 1 << 8;
|
||||||
|
|
||||||
|
private final SymmetricKeyAlgorithm symmetricKeyAlgorithm;
|
||||||
|
private final HashAlgorithm hashAlgorithm;
|
||||||
|
private final CompressionAlgorithm compressionAlgorithm;
|
||||||
|
private final Set<PGPPublicKey> encryptionKeys;
|
||||||
|
private final Set<PGPPrivateKey> signingKeys;
|
||||||
|
private final boolean asciiArmor;
|
||||||
|
|
||||||
private final OpenPgpMetadata.Builder resultBuilder = OpenPgpMetadata.getBuilder();
|
private final OpenPgpMetadata.Builder resultBuilder = OpenPgpMetadata.getBuilder();
|
||||||
|
|
||||||
private List<PGPSignatureGenerator> signatureGenerators = new ArrayList<>();
|
private List<PGPSignatureGenerator> signatureGenerators = new ArrayList<>();
|
||||||
private boolean closed = false;
|
private boolean closed = false;
|
||||||
|
|
||||||
// ASCII Armor
|
OutputStream outermostStream = null;
|
||||||
private ArmoredOutputStream armorOutputStream = null;
|
|
||||||
|
|
||||||
// Public Key Encryption of Symmetric Session Key
|
private ArmoredOutputStream armorOutputStream = null;
|
||||||
private OutputStream publicKeyEncryptedStream = null;
|
private OutputStream publicKeyEncryptedStream = null;
|
||||||
|
|
||||||
// Data Compression
|
|
||||||
private PGPCompressedDataGenerator compressedDataGenerator;
|
private PGPCompressedDataGenerator compressedDataGenerator;
|
||||||
private BCPGOutputStream basicCompressionStream;
|
private BCPGOutputStream basicCompressionStream;
|
||||||
|
|
||||||
// Literal Data
|
|
||||||
private PGPLiteralDataGenerator literalDataGenerator;
|
private PGPLiteralDataGenerator literalDataGenerator;
|
||||||
private OutputStream literalDataStream;
|
private OutputStream literalDataStream;
|
||||||
|
|
||||||
|
|
@ -85,68 +88,93 @@ public final class EncryptionStream extends OutputStream {
|
||||||
boolean asciiArmor)
|
boolean asciiArmor)
|
||||||
throws IOException, PGPException {
|
throws IOException, PGPException {
|
||||||
|
|
||||||
// Currently outermost Stream
|
this.symmetricKeyAlgorithm = symmetricKeyAlgorithm;
|
||||||
OutputStream outerMostStream;
|
this.hashAlgorithm = hashAlgorithm;
|
||||||
if (asciiArmor) {
|
this.compressionAlgorithm = compressionAlgorithm;
|
||||||
LOGGER.log(LEVEL, "Wrap encryption output in ASCII armor");
|
this.encryptionKeys = Collections.unmodifiableSet(encryptionKeys);
|
||||||
armorOutputStream = new ArmoredOutputStream(targetOutputStream);
|
this.signingKeys = Collections.unmodifiableSet(signingKeys);
|
||||||
outerMostStream = armorOutputStream;
|
this.asciiArmor = asciiArmor;
|
||||||
} else {
|
|
||||||
|
outermostStream = targetOutputStream;
|
||||||
|
prepareArmor();
|
||||||
|
prepareEncryption();
|
||||||
|
prepareSigning();
|
||||||
|
prepareCompression();
|
||||||
|
prepareOnePassSignatures();
|
||||||
|
prepareLiteralDataProcessing();
|
||||||
|
prepareResultBuilder();
|
||||||
|
}
|
||||||
|
|
||||||
|
private void prepareArmor() {
|
||||||
|
if (!asciiArmor) {
|
||||||
LOGGER.log(LEVEL, "Encryption output will be binary");
|
LOGGER.log(LEVEL, "Encryption output will be binary");
|
||||||
outerMostStream = targetOutputStream;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If we want to encrypt
|
LOGGER.log(LEVEL, "Wrap encryption output in ASCII armor");
|
||||||
if (!encryptionKeys.isEmpty()) {
|
armorOutputStream = new ArmoredOutputStream(outermostStream);
|
||||||
LOGGER.log(LEVEL, "At least one encryption key is available -> encrypt using " + symmetricKeyAlgorithm);
|
outermostStream = armorOutputStream;
|
||||||
BcPGPDataEncryptorBuilder dataEncryptorBuilder =
|
}
|
||||||
new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm.getAlgorithmId());
|
|
||||||
|
|
||||||
LOGGER.log(LEVEL, "Integrity protection enabled");
|
private void prepareEncryption() throws IOException, PGPException {
|
||||||
dataEncryptorBuilder.setWithIntegrityPacket(true);
|
if (encryptionKeys.isEmpty()) {
|
||||||
|
return;
|
||||||
PGPEncryptedDataGenerator encryptedDataGenerator =
|
|
||||||
new PGPEncryptedDataGenerator(dataEncryptorBuilder);
|
|
||||||
|
|
||||||
for (PGPPublicKey key : encryptionKeys) {
|
|
||||||
LOGGER.log(LEVEL, "Encrypt for key " + Long.toHexString(key.getKeyID()));
|
|
||||||
encryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(key));
|
|
||||||
}
|
|
||||||
|
|
||||||
publicKeyEncryptedStream = encryptedDataGenerator.open(outerMostStream, new byte[BUFFER_SIZE]);
|
|
||||||
outerMostStream = publicKeyEncryptedStream;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// If we want to sign, prepare for signing
|
LOGGER.log(LEVEL, "At least one encryption key is available -> encrypt using " + symmetricKeyAlgorithm);
|
||||||
if (!signingKeys.isEmpty()) {
|
BcPGPDataEncryptorBuilder dataEncryptorBuilder =
|
||||||
LOGGER.log(LEVEL, "At least one signing key is available -> sign " + hashAlgorithm + " hash of message");
|
new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm.getAlgorithmId());
|
||||||
for (PGPPrivateKey privateKey : signingKeys) {
|
|
||||||
LOGGER.log(LEVEL, "Sign using key " + Long.toHexString(privateKey.getKeyID()));
|
|
||||||
BcPGPContentSignerBuilder contentSignerBuilder = new BcPGPContentSignerBuilder(
|
|
||||||
privateKey.getPublicKeyPacket().getAlgorithm(), hashAlgorithm.getAlgorithmId());
|
|
||||||
|
|
||||||
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
|
dataEncryptorBuilder.setWithIntegrityPacket(true);
|
||||||
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
|
PGPEncryptedDataGenerator encryptedDataGenerator =
|
||||||
signatureGenerators.add(signatureGenerator);
|
new PGPEncryptedDataGenerator(dataEncryptorBuilder);
|
||||||
}
|
|
||||||
|
for (PGPPublicKey key : encryptionKeys) {
|
||||||
|
LOGGER.log(LEVEL, "Encrypt for key " + Long.toHexString(key.getKeyID()));
|
||||||
|
encryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(key));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
publicKeyEncryptedStream = encryptedDataGenerator.open(outermostStream, new byte[BUFFER_SIZE]);
|
||||||
|
outermostStream = publicKeyEncryptedStream;
|
||||||
|
}
|
||||||
|
|
||||||
|
private void prepareSigning() throws PGPException {
|
||||||
|
if (signingKeys.isEmpty()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
LOGGER.log(LEVEL, "At least one signing key is available -> sign " + hashAlgorithm + " hash of message");
|
||||||
|
for (PGPPrivateKey privateKey : signingKeys) {
|
||||||
|
LOGGER.log(LEVEL, "Sign using key " + Long.toHexString(privateKey.getKeyID()));
|
||||||
|
BcPGPContentSignerBuilder contentSignerBuilder = new BcPGPContentSignerBuilder(
|
||||||
|
privateKey.getPublicKeyPacket().getAlgorithm(), hashAlgorithm.getAlgorithmId());
|
||||||
|
|
||||||
|
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
|
||||||
|
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
|
||||||
|
signatureGenerators.add(signatureGenerator);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void prepareCompression() throws IOException {
|
||||||
LOGGER.log(LEVEL, "Compress using " + compressionAlgorithm);
|
LOGGER.log(LEVEL, "Compress using " + compressionAlgorithm);
|
||||||
// Compression
|
|
||||||
compressedDataGenerator = new PGPCompressedDataGenerator(
|
compressedDataGenerator = new PGPCompressedDataGenerator(
|
||||||
compressionAlgorithm.getAlgorithmId());
|
compressionAlgorithm.getAlgorithmId());
|
||||||
basicCompressionStream = new BCPGOutputStream(compressedDataGenerator.open(outerMostStream));
|
basicCompressionStream = new BCPGOutputStream(compressedDataGenerator.open(outermostStream));
|
||||||
|
}
|
||||||
|
|
||||||
// If we want to sign, sign!
|
private void prepareOnePassSignatures() throws IOException, PGPException {
|
||||||
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
|
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
|
||||||
signatureGenerator.generateOnePassVersion(false).encode(basicCompressionStream);
|
signatureGenerator.generateOnePassVersion(false).encode(basicCompressionStream);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void prepareLiteralDataProcessing() throws IOException {
|
||||||
literalDataGenerator = new PGPLiteralDataGenerator();
|
literalDataGenerator = new PGPLiteralDataGenerator();
|
||||||
literalDataStream = literalDataGenerator.open(basicCompressionStream,
|
literalDataStream = literalDataGenerator.open(basicCompressionStream,
|
||||||
PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, new Date(), new byte[BUFFER_SIZE]);
|
PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, new Date(), new byte[BUFFER_SIZE]);
|
||||||
|
}
|
||||||
|
|
||||||
// Prepare result
|
private void prepareResultBuilder() {
|
||||||
for (PGPPublicKey recipient : encryptionKeys) {
|
for (PGPPublicKey recipient : encryptionKeys) {
|
||||||
resultBuilder.addRecipientKeyId(recipient.getKeyID());
|
resultBuilder.addRecipientKeyId(recipient.getKeyID());
|
||||||
}
|
}
|
||||||
|
|
@ -185,40 +213,44 @@ public final class EncryptionStream extends OutputStream {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void close() throws IOException {
|
public void close() throws IOException {
|
||||||
if (!closed) {
|
if (closed) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Literal Data
|
// Literal Data
|
||||||
literalDataStream.flush();
|
literalDataStream.flush();
|
||||||
literalDataStream.close();
|
literalDataStream.close();
|
||||||
literalDataGenerator.close();
|
literalDataGenerator.close();
|
||||||
|
|
||||||
// Signing
|
writeSignatures();
|
||||||
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
|
|
||||||
try {
|
// Compressed Data
|
||||||
PGPSignature signature = signatureGenerator.generate();
|
compressedDataGenerator.close();
|
||||||
signature.encode(basicCompressionStream);
|
|
||||||
resultBuilder.addSignature(signature);
|
// Public Key Encryption
|
||||||
resultBuilder.addUnverifiedSignatureKeyId(signature.getKeyID());
|
if (publicKeyEncryptedStream != null) {
|
||||||
} catch (PGPException e) {
|
publicKeyEncryptedStream.flush();
|
||||||
throw new IOException(e);
|
publicKeyEncryptedStream.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Armor
|
||||||
|
if (armorOutputStream != null) {
|
||||||
|
armorOutputStream.flush();
|
||||||
|
armorOutputStream.close();
|
||||||
|
}
|
||||||
|
closed = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
private void writeSignatures() throws IOException {
|
||||||
|
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
|
||||||
|
try {
|
||||||
|
PGPSignature signature = signatureGenerator.generate();
|
||||||
|
signature.encode(basicCompressionStream);
|
||||||
|
resultBuilder.addSignature(signature);
|
||||||
|
resultBuilder.addUnverifiedSignatureKeyId(signature.getKeyID());
|
||||||
|
} catch (PGPException e) {
|
||||||
|
throw new IOException(e);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Compressed Data
|
|
||||||
compressedDataGenerator.close();
|
|
||||||
|
|
||||||
// Public Key Encryption
|
|
||||||
if (publicKeyEncryptedStream != null) {
|
|
||||||
publicKeyEncryptedStream.flush();
|
|
||||||
publicKeyEncryptedStream.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Armor
|
|
||||||
if (armorOutputStream != null) {
|
|
||||||
armorOutputStream.flush();
|
|
||||||
armorOutputStream.close();
|
|
||||||
}
|
|
||||||
closed = true;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue