Posted to commits@camel.apache.org by fo...@apache.org on 2017/03/24 13:17:21 UTC

camel git commit: CAMEL-11063: PGP Decryptor does not make Integrity check

Repository: camel
Updated Branches:
  refs/heads/master 0ec853096 -> 803e37dd9


CAMEL-11063: PGP Decryptor does not make Integrity check

Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/803e37dd
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/803e37dd
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/803e37dd

Branch: refs/heads/master
Commit: 803e37dd944ff120ca000de2dc86cf1d64bac7be
Parents: 0ec8530
Author: Franz Forsthofer <fr...@sap.com>
Authored: Fri Mar 24 14:14:14 2017 +0100
Committer: Franz Forsthofer <fr...@sap.com>
Committed: Fri Mar 24 14:14:14 2017 +0100

----------------------------------------------------------------------
 .../crypto/PGPKeyAccessDataFormat.java          | 34 ++++++++++++++++++--
 1 file changed, 31 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/803e37dd/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
index 1f2aae1..d3e17ad 100644
--- a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
+++ b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
@@ -369,7 +369,8 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
 
         try {
             in = PGPUtil.getDecoderStream(encryptedStream);
-            encData = getDecryptedData(exchange, in);
+            DecryptedDataAndPPublicKeyEncryptedData encDataAndPbe = getDecryptedData(exchange, in);
+            encData = encDataAndPbe.getDecryptedData();
             PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
             Object object = pgpFactory.nextObject();
             if (object instanceof PGPCompressedData) {
@@ -412,6 +413,12 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
                 osb.flush();
             }
             verifySignature(pgpFactory, signature);
+            PGPPublicKeyEncryptedData pbe = encDataAndPbe.getPbe();
+            if (pbe.isIntegrityProtected()) {
+                if (!pbe.verify()) {
+                    throw new PGPException("Message failed integrity check");
+                }
+            }
         } finally {
             IOHelper.close(osb, litData, uncompressedData, encData, in, encryptedStream);
         }
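Review bot: A message that is not integrity protected still decrypts with no integrity verification at all, because the block added after `verifySignature(pgpFactory, signature)` calls `pbe.verify()` only when `pbe.isIntegrityProtected()` returns true. Ciphertext that arrives without the protection packet is therefore accepted exactly as it was before this commit. I would reject it, or at least log it and make acceptance an explicit data-format option, with something like `if (!pbe.isIntegrityProtected()) { throw new PGPException("Message is not integrity protected"); }`. The nested `if` can also be flattened to `if (pbe.isIntegrityProtected() && !pbe.verify())`. The method body starts and ends outside this hunk, so I cannot see whether the plaintext already written to `osb` is discarded when the exception is thrown; a short comment stating that would help.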
@@ -419,7 +426,7 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
         return osb.build();
     }
 
-    private InputStream getDecryptedData(Exchange exchange, InputStream encryptedStream) throws Exception, PGPException {
+    private DecryptedDataAndPPublicKeyEncryptedData getDecryptedData(Exchange exchange, InputStream encryptedStream) throws Exception, PGPException {
         PGPObjectFactory pgpFactory = new PGPObjectFactory(encryptedStream, new BcKeyFingerprintCalculator());
         Object firstObject = pgpFactory.nextObject();
         // the first object might be a PGP marker packet 
@@ -448,7 +455,7 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
         }
 
         InputStream encData = pbe.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(getProvider()).build(key));
-        return encData;
+        return new DecryptedDataAndPPublicKeyEncryptedData(encData, pbe);
     }
 
     private PGPEncryptedDataList getEcryptedDataList(PGPObjectFactory pgpFactory, Object firstObject) throws IOException {
@@ -777,4 +784,25 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
     protected void doStop() throws Exception { //NOPMD
         // noop
     }
+    
+    private static class DecryptedDataAndPPublicKeyEncryptedData {
+
+        private final InputStream decryptedData;
+
+        private final PGPPublicKeyEncryptedData pbe;
+
+        DecryptedDataAndPPublicKeyEncryptedData(InputStream decryptedData, PGPPublicKeyEncryptedData pbe) {
+            this.decryptedData = decryptedData;
+            this.pbe = pbe;
+        }
+
+        public InputStream getDecryptedData() {
+            return decryptedData;
+        }
+
+        public PGPPublicKeyEncryptedData getPbe() {
+            return pbe;
+        }
+
+    }
 }
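Review bot: The new holder class name `DecryptedDataAndPPublicKeyEncryptedData` has a doubled `P`, and the class has no comment explaining why the encrypted-data object has to travel with the decrypted stream. I would rename it to `DecryptedDataAndPublicKeyEncryptedData` (the same name is used in the earlier hunks at the `getDecryptedData` call, signature and return) and add `// carries the PGPPublicKeyEncryptedData so the caller can run the integrity check once the decrypted stream has been consumed`. The two getters are declared `public` inside a `private static` class; dropping the modifier would match the package-private constructor.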