Repository: camel Updated Branches: refs/heads/camel-2.18.x 59c8fb9b0 -> ac5f22e7b
CAMEL-11063: PGP Decryptor does not make Integrity check Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/ac5f22e7 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/ac5f22e7 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/ac5f22e7 Branch: refs/heads/camel-2.18.x Commit: ac5f22e7b8ec7bbd39eaebbd26d0e60db0fcfd86 Parents: 59c8fb9 Author: Franz Forsthofer <franz.forstho...@sap.com> Authored: Fri Mar 24 14:14:14 2017 +0100 Committer: Franz Forsthofer <franz.forstho...@sap.com> Committed: Fri Mar 24 14:22:09 2017 +0100 ---------------------------------------------------------------------- .../crypto/PGPKeyAccessDataFormat.java | 34 ++++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/ac5f22e7/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java ----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
index 0851630..9db3a94 100644
--- a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
+++ b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPKeyAccessDataFormat.java
@@ -370,7 +370,8 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
         try {
             in = PGPUtil.getDecoderStream(encryptedStream);
-            encData = getDecryptedData(exchange, in);
+            DecryptedDataAndPPublicKeyEncryptedData encDataAndPbe = getDecryptedData(exchange, in);
+            encData = encDataAndPbe.getDecryptedData();
             PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
             Object object = pgpFactory.nextObject();
             if (object instanceof PGPCompressedData) {
@@ -413,6 +414,12 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
                 osb.flush();
             }
             verifySignature(pgpFactory, signature);
+            PGPPublicKeyEncryptedData pbe = encDataAndPbe.getPbe();
+            if (pbe.isIntegrityProtected()) {
+                if (!pbe.verify()) {
+                    throw new PGPException("Message failed integrity check");
+                }
+            }
         } finally {
             IOHelper.close(osb, litData, uncompressedData, encData, in, encryptedStream);
         }
@@ -420,7 +427,7 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
         return osb.build();
     }

-    private InputStream getDecryptedData(Exchange exchange, InputStream encryptedStream) throws Exception, PGPException {
+    private DecryptedDataAndPPublicKeyEncryptedData getDecryptedData(Exchange exchange, InputStream encryptedStream) throws Exception, PGPException {
         PGPObjectFactory pgpFactory = new PGPObjectFactory(encryptedStream, new BcKeyFingerprintCalculator());
         Object firstObject = pgpFactory.nextObject();
         // the first object might be a PGP marker packet
@@ -449,7 +456,7 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
         }

         InputStream encData = pbe.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(getProvider()).build(key));
-        return encData;
+        return new DecryptedDataAndPPublicKeyEncryptedData(encData, pbe);
     }

     private PGPEncryptedDataList getEcryptedDataList(PGPObjectFactory pgpFactory, Object firstObject) throws IOException {
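Review bot: A message that carries no MDC packet still decrypts successfully, because the new `pbe.verify()` in the second hunk is only reached when `pbe.isIntegrityProtected()` is true; an attacker who re-encodes the ciphertext as a packet without integrity protection therefore bypasses the check entirely, which is the classic downgrade against OpenPGP's CFB mode and leaves the malleability the ticket set out to close. Consider rejecting such messages outright, `if (!pbe.isIntegrityProtected()) { throw new PGPException("Message is not integrity protected"); }`, or, if legacy senders must be supported, gating that on a strict-mode option and logging a warning whenever the check is skipped. It is also worth a one-line comment above the check such as `// verify() is only valid once the decrypted stream has been fully consumed` so a later refactor does not move it ahead of the literal-data copy. The enclosing method begins before the first hunk and its `return osb.build()` follows in the next hunk.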
@@ -778,4 +785,25 @@ public class PGPKeyAccessDataFormat extends ServiceSupport implements DataFormat
     protected void doStop() throws Exception { //NOPMD
         // noop
     }
+
+    private static class DecryptedDataAndPPublicKeyEncryptedData {
+
+        private final InputStream decryptedData;
+
+        private final PGPPublicKeyEncryptedData pbe;
+
+        DecryptedDataAndPPublicKeyEncryptedData(InputStream decryptedData, PGPPublicKeyEncryptedData pbe) {
+            this.decryptedData = decryptedData;
+            this.pbe = pbe;
+        }
+
+        public InputStream getDecryptedData() {
+            return decryptedData;
+        }
+
+        public PGPPublicKeyEncryptedData getPbe() {
+            return pbe;
+        }
+
+    }
 }
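Review bot: The holder class name `DecryptedDataAndPPublicKeyEncryptedData` has a doubled "P" that reads as a typo and is repeated at every use site; renaming it to `DecryptedDataAndPublicKeyEncryptedData` now is cheaper than later. The class is also undocumented, and since it hands back an open `InputStream`, a Javadoc line stating that the holder does not own or close the stream (the caller's `IOHelper.close` in the earlier hunk appears to do that) would keep the ownership clear. As a private static holder its two getters could be package-private rather than `public`.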