mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-19 02:42:05 +01:00
Kotlin conversion: EncryptionStream
This commit is contained in:
parent
9ee29f7a53
commit
ea57c4aec0
2 changed files with 251 additions and 313 deletions
|
@ -1,313 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2018 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.encryption_signing;
|
|
||||||
|
|
||||||
import java.io.BufferedOutputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.OutputStream;
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Set;
|
|
||||||
import javax.annotation.Nonnull;
|
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.ArmoredOutputStream;
|
|
||||||
import org.bouncycastle.bcpg.BCPGOutputStream;
|
|
||||||
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
|
|
||||||
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
|
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
|
||||||
import org.bouncycastle.openpgp.PGPSignatureGenerator;
|
|
||||||
import org.bouncycastle.openpgp.operator.PGPDataEncryptorBuilder;
|
|
||||||
import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator;
|
|
||||||
import org.pgpainless.algorithm.CompressionAlgorithm;
|
|
||||||
import org.pgpainless.algorithm.HashAlgorithm;
|
|
||||||
import org.pgpainless.algorithm.StreamEncoding;
|
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
|
||||||
import org.pgpainless.key.SubkeyIdentifier;
|
|
||||||
import org.pgpainless.util.ArmoredOutputStreamFactory;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* OutputStream that produces an OpenPGP message. The message can be encrypted, signed, or both,
|
|
||||||
* depending on its configuration.
|
|
||||||
*
|
|
||||||
* This class is based upon Jens Neuhalfen's Bouncy-GPG PGPEncryptingStream.
|
|
||||||
* @see <a href="https://github.com/neuhalje/bouncy-gpg/blob/master/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/encrypting/PGPEncryptingStream.java">Source</a>
|
|
||||||
*/
|
|
||||||
public final class EncryptionStream extends OutputStream {
|
|
||||||
|
|
||||||
private static final Logger LOGGER = LoggerFactory.getLogger(EncryptionStream.class);
|
|
||||||
|
|
||||||
private final ProducerOptions options;
|
|
||||||
private final EncryptionResult.Builder resultBuilder = EncryptionResult.builder();
|
|
||||||
|
|
||||||
private boolean closed = false;
|
|
||||||
// 1 << 8 causes wrong partial body length encoding
|
|
||||||
// 1 << 9 fixes this.
|
|
||||||
// see https://github.com/pgpainless/pgpainless/issues/160
|
|
||||||
private static final int BUFFER_SIZE = 1 << 9;
|
|
||||||
|
|
||||||
OutputStream outermostStream;
|
|
||||||
OutputStream signatureLayerStream;
|
|
||||||
|
|
||||||
private ArmoredOutputStream armorOutputStream = null;
|
|
||||||
private OutputStream publicKeyEncryptedStream = null;
|
|
||||||
private PGPCompressedDataGenerator compressedDataGenerator;
|
|
||||||
private BCPGOutputStream basicCompressionStream;
|
|
||||||
private PGPLiteralDataGenerator literalDataGenerator;
|
|
||||||
private OutputStream literalDataStream;
|
|
||||||
|
|
||||||
EncryptionStream(@Nonnull OutputStream targetOutputStream,
|
|
||||||
@Nonnull ProducerOptions options)
|
|
||||||
throws IOException, PGPException {
|
|
||||||
this.options = options;
|
|
||||||
outermostStream = targetOutputStream;
|
|
||||||
|
|
||||||
prepareArmor();
|
|
||||||
prepareEncryption();
|
|
||||||
prepareCompression();
|
|
||||||
prepareOnePassSignatures();
|
|
||||||
prepareLiteralDataProcessing();
|
|
||||||
prepareSigningStream();
|
|
||||||
prepareInputEncoding();
|
|
||||||
}
|
|
||||||
|
|
||||||
private void prepareArmor() {
|
|
||||||
if (!options.isAsciiArmor()) {
|
|
||||||
LOGGER.debug("Output will be unarmored");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// ArmoredOutputStream better be buffered
|
|
||||||
outermostStream = new BufferedOutputStream(outermostStream);
|
|
||||||
|
|
||||||
LOGGER.debug("Wrap encryption output in ASCII armor");
|
|
||||||
armorOutputStream = ArmoredOutputStreamFactory.get(outermostStream, options);
|
|
||||||
outermostStream = armorOutputStream;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void prepareEncryption() throws IOException, PGPException {
|
|
||||||
EncryptionOptions encryptionOptions = options.getEncryptionOptions();
|
|
||||||
if (encryptionOptions == null || encryptionOptions.getEncryptionMethods().isEmpty()) {
|
|
||||||
// No encryption options/methods -> no encryption
|
|
||||||
resultBuilder.setEncryptionAlgorithm(SymmetricKeyAlgorithm.NULL);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
SymmetricKeyAlgorithm encryptionAlgorithm = EncryptionBuilder.negotiateSymmetricEncryptionAlgorithm(encryptionOptions);
|
|
||||||
resultBuilder.setEncryptionAlgorithm(encryptionAlgorithm);
|
|
||||||
LOGGER.debug("Encrypt message using {}", encryptionAlgorithm);
|
|
||||||
PGPDataEncryptorBuilder dataEncryptorBuilder =
|
|
||||||
ImplementationFactory.getInstance().getPGPDataEncryptorBuilder(encryptionAlgorithm);
|
|
||||||
dataEncryptorBuilder.setWithIntegrityPacket(true);
|
|
||||||
|
|
||||||
PGPEncryptedDataGenerator encryptedDataGenerator =
|
|
||||||
new PGPEncryptedDataGenerator(dataEncryptorBuilder);
|
|
||||||
for (PGPKeyEncryptionMethodGenerator encryptionMethod : encryptionOptions.getEncryptionMethods()) {
|
|
||||||
encryptedDataGenerator.addMethod(encryptionMethod);
|
|
||||||
}
|
|
||||||
|
|
||||||
for (SubkeyIdentifier recipientSubkeyIdentifier : encryptionOptions.getEncryptionKeyIdentifiers()) {
|
|
||||||
resultBuilder.addRecipient(recipientSubkeyIdentifier);
|
|
||||||
}
|
|
||||||
|
|
||||||
publicKeyEncryptedStream = encryptedDataGenerator.open(outermostStream, new byte[BUFFER_SIZE]);
|
|
||||||
outermostStream = publicKeyEncryptedStream;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void prepareCompression() throws IOException {
|
|
||||||
CompressionAlgorithm compressionAlgorithm = EncryptionBuilder.negotiateCompressionAlgorithm(options);
|
|
||||||
resultBuilder.setCompressionAlgorithm(compressionAlgorithm);
|
|
||||||
compressedDataGenerator = new PGPCompressedDataGenerator(
|
|
||||||
compressionAlgorithm.getAlgorithmId());
|
|
||||||
if (compressionAlgorithm == CompressionAlgorithm.UNCOMPRESSED) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
LOGGER.debug("Compress using {}", compressionAlgorithm);
|
|
||||||
basicCompressionStream = new BCPGOutputStream(compressedDataGenerator.open(outermostStream));
|
|
||||||
outermostStream = basicCompressionStream;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void prepareOnePassSignatures() throws IOException, PGPException {
|
|
||||||
signatureLayerStream = outermostStream;
|
|
||||||
SigningOptions signingOptions = options.getSigningOptions();
|
|
||||||
if (signingOptions == null || signingOptions.getSigningMethods().isEmpty()) {
|
|
||||||
// No singing options/methods -> no signing
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
int sigIndex = 0;
|
|
||||||
for (SubkeyIdentifier identifier : signingOptions.getSigningMethods().keySet()) {
|
|
||||||
sigIndex++;
|
|
||||||
SigningOptions.SigningMethod signingMethod = signingOptions.getSigningMethods().get(identifier);
|
|
||||||
|
|
||||||
if (!signingMethod.isDetached()) {
|
|
||||||
PGPSignatureGenerator signatureGenerator = signingMethod.getSignatureGenerator();
|
|
||||||
// The last sig is not nested, all others are
|
|
||||||
boolean nested = sigIndex != signingOptions.getSigningMethods().size();
|
|
||||||
signatureGenerator.generateOnePassVersion(nested).encode(outermostStream);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void prepareLiteralDataProcessing() throws IOException {
|
|
||||||
if (options.isCleartextSigned()) {
|
|
||||||
int[] algorithmIds = collectHashAlgorithmsForCleartextSigning();
|
|
||||||
armorOutputStream.beginClearText(algorithmIds);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
literalDataGenerator = new PGPLiteralDataGenerator();
|
|
||||||
literalDataStream = literalDataGenerator.open(outermostStream, options.getEncoding().getCode(),
|
|
||||||
options.getFileName(), options.getModificationDate(), new byte[BUFFER_SIZE]);
|
|
||||||
outermostStream = literalDataStream;
|
|
||||||
|
|
||||||
resultBuilder.setFileName(options.getFileName())
|
|
||||||
.setModificationDate(options.getModificationDate())
|
|
||||||
.setFileEncoding(options.getEncoding());
|
|
||||||
}
|
|
||||||
|
|
||||||
public void prepareSigningStream() {
|
|
||||||
outermostStream = new SignatureGenerationStream(outermostStream, options.getSigningOptions());
|
|
||||||
}
|
|
||||||
|
|
||||||
public void prepareInputEncoding() {
|
|
||||||
// By buffering here, we drastically improve performance
|
|
||||||
// Reason is that CRLFGeneratorStream only implements write(int), so we need BufferedOutputStream to
|
|
||||||
// "convert" to write(buf) calls again
|
|
||||||
BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(outermostStream);
|
|
||||||
CRLFGeneratorStream crlfGeneratorStream = new CRLFGeneratorStream(bufferedOutputStream,
|
|
||||||
options.isApplyCRLFEncoding() ? StreamEncoding.UTF8 : StreamEncoding.BINARY);
|
|
||||||
outermostStream = crlfGeneratorStream;
|
|
||||||
}
|
|
||||||
|
|
||||||
private int[] collectHashAlgorithmsForCleartextSigning() {
|
|
||||||
SigningOptions signOpts = options.getSigningOptions();
|
|
||||||
Set<HashAlgorithm> hashAlgorithms = new HashSet<>();
|
|
||||||
if (signOpts != null) {
|
|
||||||
for (SigningOptions.SigningMethod method : signOpts.getSigningMethods().values()) {
|
|
||||||
hashAlgorithms.add(method.getHashAlgorithm());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
int[] algorithmIds = new int[hashAlgorithms.size()];
|
|
||||||
Iterator<HashAlgorithm> iterator = hashAlgorithms.iterator();
|
|
||||||
for (int i = 0; i < algorithmIds.length; i++) {
|
|
||||||
algorithmIds[i] = iterator.next().getAlgorithmId();
|
|
||||||
}
|
|
||||||
|
|
||||||
return algorithmIds;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void write(int data) throws IOException {
|
|
||||||
outermostStream.write(data);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void write(@Nonnull byte[] buffer) throws IOException {
|
|
||||||
write(buffer, 0, buffer.length);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void write(@Nonnull byte[] buffer, int off, int len) throws IOException {
|
|
||||||
outermostStream.write(buffer, 0, len);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void flush() throws IOException {
|
|
||||||
outermostStream.flush();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void close() throws IOException {
|
|
||||||
if (closed) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
outermostStream.close();
|
|
||||||
|
|
||||||
// Literal Data
|
|
||||||
if (literalDataStream != null) {
|
|
||||||
literalDataStream.flush();
|
|
||||||
literalDataStream.close();
|
|
||||||
}
|
|
||||||
if (literalDataGenerator != null) {
|
|
||||||
literalDataGenerator.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (options.isCleartextSigned()) {
|
|
||||||
// Add linebreak between body and signatures
|
|
||||||
// TODO: We should only add this line if required.
|
|
||||||
// I.e. if the message already ends with \n, don't add another linebreak.
|
|
||||||
armorOutputStream.write('\r');
|
|
||||||
armorOutputStream.write('\n');
|
|
||||||
armorOutputStream.endClearText();
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
writeSignatures();
|
|
||||||
} catch (PGPException e) {
|
|
||||||
throw new IOException("Exception while writing signatures.", e);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Compressed Data
|
|
||||||
compressedDataGenerator.close();
|
|
||||||
|
|
||||||
// Public Key Encryption
|
|
||||||
if (publicKeyEncryptedStream != null) {
|
|
||||||
publicKeyEncryptedStream.flush();
|
|
||||||
publicKeyEncryptedStream.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Armor
|
|
||||||
if (armorOutputStream != null) {
|
|
||||||
armorOutputStream.flush();
|
|
||||||
armorOutputStream.close();
|
|
||||||
}
|
|
||||||
closed = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void writeSignatures() throws PGPException, IOException {
|
|
||||||
SigningOptions signingOptions = options.getSigningOptions();
|
|
||||||
if (signingOptions == null || signingOptions.getSigningMethods().isEmpty()) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// One-Pass-Signatures are bracketed. That means we have to append the signatures in reverse order
|
|
||||||
// compared to the one-pass-signature packets.
|
|
||||||
List<SubkeyIdentifier> signingKeys = new ArrayList<>(signingOptions.getSigningMethods().keySet());
|
|
||||||
for (int i = signingKeys.size() - 1; i >= 0; i--) {
|
|
||||||
SubkeyIdentifier signingKey = signingKeys.get(i);
|
|
||||||
SigningOptions.SigningMethod signingMethod = signingOptions.getSigningMethods().get(signingKey);
|
|
||||||
PGPSignatureGenerator signatureGenerator = signingMethod.getSignatureGenerator();
|
|
||||||
PGPSignature signature = signatureGenerator.generate();
|
|
||||||
if (signingMethod.isDetached()) {
|
|
||||||
resultBuilder.addDetachedSignature(signingKey, signature);
|
|
||||||
}
|
|
||||||
if (!signingMethod.isDetached() || options.isCleartextSigned()) {
|
|
||||||
signature.encode(signatureLayerStream);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public EncryptionResult getResult() {
|
|
||||||
if (!closed) {
|
|
||||||
throw new IllegalStateException("EncryptionStream must be closed before accessing the Result.");
|
|
||||||
}
|
|
||||||
return resultBuilder.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isClosed() {
|
|
||||||
return closed;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,251 @@
|
||||||
|
// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package org.pgpainless.encryption_signing
|
||||||
|
|
||||||
|
import org.bouncycastle.bcpg.ArmoredOutputStream
|
||||||
|
import org.bouncycastle.bcpg.BCPGOutputStream
|
||||||
|
import org.bouncycastle.openpgp.PGPCompressedDataGenerator
|
||||||
|
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator
|
||||||
|
import org.bouncycastle.openpgp.PGPException
|
||||||
|
import org.bouncycastle.openpgp.PGPLiteralDataGenerator
|
||||||
|
import org.pgpainless.algorithm.CompressionAlgorithm
|
||||||
|
import org.pgpainless.algorithm.StreamEncoding
|
||||||
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm
|
||||||
|
import org.pgpainless.implementation.ImplementationFactory
|
||||||
|
import org.pgpainless.util.ArmoredOutputStreamFactory
|
||||||
|
import org.slf4j.LoggerFactory
|
||||||
|
import java.io.BufferedOutputStream
|
||||||
|
import java.io.IOException
|
||||||
|
import java.io.OutputStream
|
||||||
|
|
||||||
|
// 1 << 8 causes wrong partial body length encoding
|
||||||
|
// 1 << 9 fixes this.
|
||||||
|
// see https://github.com/pgpainless/pgpainless/issues/160
|
||||||
|
const val BUFFER_SIZE = 1 shl 9
|
||||||
|
|
||||||
|
/**
|
||||||
|
* OutputStream that produces an OpenPGP message. The message can be encrypted, signed, or both,
|
||||||
|
* depending on its configuration.
|
||||||
|
*
|
||||||
|
* This class is based upon Jens Neuhalfen's Bouncy-GPG PGPEncryptingStream.
|
||||||
|
* @see <a href="https://github.com/neuhalje/bouncy-gpg/blob/master/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/encrypting/PGPEncryptingStream.java">Source</a>
|
||||||
|
*/
|
||||||
|
class EncryptionStream(
|
||||||
|
private var outermostStream: OutputStream,
|
||||||
|
private val options: ProducerOptions,
|
||||||
|
) : OutputStream() {
|
||||||
|
|
||||||
|
private val resultBuilder: EncryptionResult.Builder = EncryptionResult.builder()
|
||||||
|
private var closed: Boolean = false
|
||||||
|
|
||||||
|
private var signatureLayerStream: OutputStream? = null
|
||||||
|
private var armorOutputStream: ArmoredOutputStream? = null
|
||||||
|
private var publicKeyEncryptedStream: OutputStream? = null
|
||||||
|
private var compressedDataGenerator: PGPCompressedDataGenerator? = null
|
||||||
|
private var basicCompressionStream: BCPGOutputStream? = null
|
||||||
|
private var literalDataGenerator: PGPLiteralDataGenerator? = null
|
||||||
|
private var literalDataStream: OutputStream? = null
|
||||||
|
|
||||||
|
init {
|
||||||
|
prepareArmor()
|
||||||
|
prepareEncryption()
|
||||||
|
prepareCompression()
|
||||||
|
prepareOnePassSignatures()
|
||||||
|
prepareLiteralDataProcessing()
|
||||||
|
prepareSigningStream()
|
||||||
|
prepareInputEncoding()
|
||||||
|
}
|
||||||
|
|
||||||
|
private fun prepareArmor() {
|
||||||
|
if (!options.isAsciiArmor) {
|
||||||
|
LOGGER.debug("Output will be unarmored.")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
outermostStream = BufferedOutputStream(outermostStream)
|
||||||
|
LOGGER.debug("Wrap encryption output in ASCII armor.")
|
||||||
|
armorOutputStream = ArmoredOutputStreamFactory.get(outermostStream, options)
|
||||||
|
.also { outermostStream = it }
|
||||||
|
}
|
||||||
|
|
||||||
|
@Throws(IOException::class, PGPException::class)
|
||||||
|
private fun prepareEncryption() {
|
||||||
|
if (options.encryptionOptions == null) {
|
||||||
|
// No encryption options -> no encryption
|
||||||
|
resultBuilder.setEncryptionAlgorithm(SymmetricKeyAlgorithm.NULL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
require(options.encryptionOptions.encryptionMethods.isNotEmpty()) {
|
||||||
|
"If EncryptionOptions are provided, at least one encryption method MUST be provided as well."
|
||||||
|
}
|
||||||
|
|
||||||
|
EncryptionBuilder.negotiateSymmetricEncryptionAlgorithm(options.encryptionOptions).let {
|
||||||
|
resultBuilder.setEncryptionAlgorithm(it)
|
||||||
|
LOGGER.debug("Encrypt message using symmetric algorithm $it.")
|
||||||
|
val encryptedDataGenerator = PGPEncryptedDataGenerator(
|
||||||
|
ImplementationFactory.getInstance().getPGPDataEncryptorBuilder(it)
|
||||||
|
.apply { setWithIntegrityPacket(true) })
|
||||||
|
options.encryptionOptions.encryptionMethods.forEach { m ->
|
||||||
|
encryptedDataGenerator.addMethod(m)
|
||||||
|
}
|
||||||
|
options.encryptionOptions.encryptionKeyIdentifiers.forEach { r ->
|
||||||
|
resultBuilder.addRecipient(r)
|
||||||
|
}
|
||||||
|
|
||||||
|
publicKeyEncryptedStream = encryptedDataGenerator.open(outermostStream, ByteArray(BUFFER_SIZE))
|
||||||
|
.also { stream -> outermostStream = stream }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Throws(IOException::class)
|
||||||
|
private fun prepareCompression() {
|
||||||
|
EncryptionBuilder.negotiateCompressionAlgorithm(options).let {
|
||||||
|
resultBuilder.setCompressionAlgorithm(it)
|
||||||
|
compressedDataGenerator = PGPCompressedDataGenerator(it.algorithmId)
|
||||||
|
if (it == CompressionAlgorithm.UNCOMPRESSED) return
|
||||||
|
|
||||||
|
LOGGER.debug("Compress using $it.")
|
||||||
|
basicCompressionStream = BCPGOutputStream(compressedDataGenerator!!.open(outermostStream))
|
||||||
|
.also { stream -> outermostStream = stream }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Throws(IOException::class, PGPException::class)
|
||||||
|
private fun prepareOnePassSignatures() {
|
||||||
|
signatureLayerStream = outermostStream
|
||||||
|
if (options.signingOptions == null) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
require(options.signingOptions.signingMethods.isNotEmpty()) {
|
||||||
|
"If SigningOptions are provided, at least one SigningMethod MUST be provided."
|
||||||
|
}
|
||||||
|
for ((index, method) in options.signingOptions.signingMethods.values.withIndex()) {
|
||||||
|
if (!method.isDetached) {
|
||||||
|
// The last sig is not nested, all others are
|
||||||
|
val nested = index + 1 < options.signingOptions.signingMethods.size
|
||||||
|
method.signatureGenerator.generateOnePassVersion(nested).encode(outermostStream)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Throws(IOException::class)
|
||||||
|
private fun prepareLiteralDataProcessing() {
|
||||||
|
if (options.isCleartextSigned) {
|
||||||
|
val hashAlgorithms = collectHashAlgorithmsForCleartextSigning()
|
||||||
|
armorOutputStream!!.beginClearText(*hashAlgorithms.toIntArray())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
literalDataGenerator = PGPLiteralDataGenerator().also { gen ->
|
||||||
|
literalDataStream = gen.open(outermostStream, options.encoding.code, options.fileName,
|
||||||
|
options.modificationDate, ByteArray(BUFFER_SIZE)).also { stream ->
|
||||||
|
outermostStream = stream
|
||||||
|
}
|
||||||
|
}
|
||||||
|
resultBuilder.apply {
|
||||||
|
setFileName(options.fileName)
|
||||||
|
setModificationDate(options.modificationDate)
|
||||||
|
setFileEncoding(options.encoding)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private fun prepareSigningStream() {
|
||||||
|
outermostStream = SignatureGenerationStream(outermostStream, options.signingOptions)
|
||||||
|
}
|
||||||
|
|
||||||
|
private fun prepareInputEncoding() {
|
||||||
|
outermostStream = CRLFGeneratorStream(
|
||||||
|
// By buffering here, we drastically improve performance
|
||||||
|
// Reason is that CRLFGeneratorStream only implements write(int), so we need BufferedOutputStream to
|
||||||
|
// "convert" to write(buf) calls again
|
||||||
|
BufferedOutputStream(outermostStream),
|
||||||
|
if (options.isApplyCRLFEncoding) StreamEncoding.UTF8 else StreamEncoding.BINARY)
|
||||||
|
}
|
||||||
|
|
||||||
|
private fun collectHashAlgorithmsForCleartextSigning(): Array<Int> {
|
||||||
|
return options.signingOptions?.signingMethods?.values
|
||||||
|
?.map { it.hashAlgorithm }?.toSet()
|
||||||
|
?.map { it.algorithmId }?.toTypedArray()
|
||||||
|
?: arrayOf()
|
||||||
|
}
|
||||||
|
|
||||||
|
@Throws(IOException::class)
|
||||||
|
override fun write(data: Int) = outermostStream.write(data)
|
||||||
|
|
||||||
|
@Throws(IOException::class)
|
||||||
|
override fun write(buffer: ByteArray) = write(buffer, 0, buffer.size)
|
||||||
|
|
||||||
|
@Throws(IOException::class)
|
||||||
|
override fun write(buffer: ByteArray, off: Int, len: Int) = outermostStream.write(buffer, off, len)
|
||||||
|
|
||||||
|
@Throws(IOException::class)
|
||||||
|
override fun flush() = outermostStream.flush()
|
||||||
|
|
||||||
|
@Throws(IOException::class)
|
||||||
|
override fun close() {
|
||||||
|
if (closed) return
|
||||||
|
|
||||||
|
outermostStream.close()
|
||||||
|
literalDataStream?.apply { flush(); close() }
|
||||||
|
literalDataGenerator?.close()
|
||||||
|
|
||||||
|
if (options.isCleartextSigned) {
|
||||||
|
armorOutputStream?.apply {
|
||||||
|
write('\r'.code)
|
||||||
|
write('\n'.code)
|
||||||
|
endClearText()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
writeSignatures()
|
||||||
|
} catch (e : PGPException) {
|
||||||
|
throw IOException("Exception while writing signatures.", e)
|
||||||
|
}
|
||||||
|
|
||||||
|
compressedDataGenerator?.close()
|
||||||
|
|
||||||
|
publicKeyEncryptedStream?.apply {
|
||||||
|
flush()
|
||||||
|
close()
|
||||||
|
}
|
||||||
|
|
||||||
|
armorOutputStream?.apply {
|
||||||
|
flush()
|
||||||
|
close()
|
||||||
|
}
|
||||||
|
closed = true
|
||||||
|
}
|
||||||
|
|
||||||
|
@Throws(PGPException::class, IOException::class)
|
||||||
|
private fun writeSignatures() {
|
||||||
|
if (options.signingOptions == null) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
options.signingOptions.signingMethods.entries.reversed().forEach { (key, method) ->
|
||||||
|
method.signatureGenerator.generate().let { sig ->
|
||||||
|
if (method.isDetached) {
|
||||||
|
resultBuilder.addDetachedSignature(key, sig)
|
||||||
|
}
|
||||||
|
if (!method.isDetached || options.isCleartextSigned) {
|
||||||
|
sig.encode(signatureLayerStream)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
val result: EncryptionResult
|
||||||
|
get() = check(closed) { "EncryptionStream must be closed before accessing the result." }
|
||||||
|
.let { resultBuilder.build() }
|
||||||
|
|
||||||
|
val isClosed
|
||||||
|
get() = closed
|
||||||
|
|
||||||
|
companion object {
|
||||||
|
@JvmStatic
|
||||||
|
private val LOGGER = LoggerFactory.getLogger(EncryptionStream::class.java)
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue