Posted to commits@camel.apache.org by fo...@apache.org on 2017/03/24 13:17:21 UTC
camel git commit: CAMEL-11063: PGP Decryptor does not make Integrity
check
Repository: camel
Updated Branches:
refs/heads/master 0ec853096 -> 803e37dd9
CAMEL-11063: PGP Decryptor does not make Integrity check
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/803e37dd
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/803e37dd
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/803e37dd
Branch: refs/heads/master
Commit: 803e37dd944ff120ca000de2dc86cf1d64bac7be
Parents: 0ec8530
Author: Franz Forsthofer <fr...@sap.com>
Authored: Fri Mar 24 14:14:14 2017 +0100
Committer: Franz Forsthofer <fr...@sap.com>
Committed: Fri Mar 24 14:14:14 2017 +0100
----------------------------------------------------------------------
.../crypto/PGPKeyAccessDataFormat.java | 34 ++++++++++++++++++--
1 file changed, 31 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/803e37dd/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
index 1f2aae1..d3e17ad 100644
--- a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
+++ b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
@@ -369,7 +369,8 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
try {
in = PGPUtil.getDecoderStream(encryptedStream);
- encData = getDecryptedData(exchange, in);
+ DecryptedDataAndPPublicKeyEncryptedData encDataAndPbe = getDecryptedData(exchange, in);
+ encData = encDataAndPbe.getDecryptedData();
PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
Object object = pgpFactory.nextObject();
if (object instanceof PGPCompressedData) {
@@ -412,6 +413,12 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
osb.flush();
}
verifySignature(pgpFactory, signature);
+ PGPPublicKeyEncryptedData pbe = encDataAndPbe.getPbe();
+ if (pbe.isIntegrityProtected()) {
+ if (!pbe.verify()) {
+ throw new PGPException("Message failed integrity check");
+ }
+ }
} finally {
IOHelper.close(osb, litData, uncompressedData, encData, in, encryptedStream);
}
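Review bot: The integrity check added after `verifySignature(pgpFactory, signature)` only runs when `pbe.isIntegrityProtected()` is true, so a message that carries no modification detection code is still decrypted and returned with no error or log entry. Tampering with such a message goes undetected unless a signature is also required, and whether that is enforced is not visible in this hunk because the enclosing method starts before it. Consider rejecting unprotected messages by default, or behind a data-format option, with something like `if (!pbe.isIntegrityProtected()) { throw new PGPException("Message is not integrity protected"); }`. The two nested ifs can also be collapsed into `if (pbe.isIntegrityProtected() && !pbe.verify())`.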
@@ -419,7 +426,7 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
return osb.build();
}
- private InputStream getDecryptedData(Exchange exchange, InputStream encryptedStream) throws Exception, PGPException {
+ private DecryptedDataAndPPublicKeyEncryptedData getDecryptedData(Exchange exchange, InputStream encryptedStream) throws Exception, PGPException {
PGPObjectFactory pgpFactory = new PGPObjectFactory(encryptedStream, new BcKeyFingerprintCalculator());
Object firstObject = pgpFactory.nextObject();
// the first object might be a PGP marker packet
@@ -448,7 +455,7 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
}
InputStream encData = pbe.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(getProvider()).build(key));
- return encData;
+ return new DecryptedDataAndPPublicKeyEncryptedData(encData, pbe);
}
private PGPEncryptedDataList getEcryptedDataList(PGPObjectFactory pgpFactory, Object firstObject) throws IOException {
@@ -777,4 +784,25 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
protected void doStop() throws Exception { //NOPMD
// noop
}
+
+ private static class DecryptedDataAndPPublicKeyEncryptedData {
+
+ private final InputStream decryptedData;
+
+ private final PGPPublicKeyEncryptedData pbe;
+
+ DecryptedDataAndPPublicKeyEncryptedData(InputStream decryptedData, PGPPublicKeyEncryptedData pbe) {
+ this.decryptedData = decryptedData;
+ this.pbe = pbe;
+ }
+
+ public InputStream getDecryptedData() {
+ return decryptedData;
+ }
+
+ public PGPPublicKeyEncryptedData getPbe() {
+ return pbe;
+ }
+
+ }
}
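Review bot: The new holder class `DecryptedDataAndPPublicKeyEncryptedData` has a doubled "P" in its name and no comment saying why the decrypted stream and the `PGPPublicKeyEncryptedData` are returned together. A name such as `DecryptedDataAndPublicKeyEncryptedData` reads more easily, and a class comment like `/** Pairs the decrypted stream with its encrypted-data packet so the caller can run the integrity check after the stream has been read. */` would record the intent. Because the class is private, the `public` modifiers on `getDecryptedData()` and `getPbe()` add nothing and can be dropped.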