Class PGPKeyAccessDataFormat
- java.lang.Object
-
- org.apache.camel.support.service.BaseService
-
- org.apache.camel.support.service.ServiceSupport
-
- org.apache.camel.converter.crypto.PGPKeyAccessDataFormat
-
- All Implemented Interfaces: AutoCloseable, org.apache.camel.Service, org.apache.camel.ShutdownableService, org.apache.camel.spi.DataFormat, org.apache.camel.spi.DataFormatName, org.apache.camel.StatefulService, org.apache.camel.SuspendableService
- Direct Known Subclasses: PGPDataFormat
public class PGPKeyAccessDataFormat extends org.apache.camel.support.service.ServiceSupport implements org.apache.camel.spi.DataFormat, org.apache.camel.spi.DataFormatName
This PGP Data Format uses the interfaces PGPPublicKeyAccessor and PGPSecretKeyAccessor to access the keys for encryption/signing and decryption/signature verification. These interfaces allow caching of the keys, which can improve performance.
If you want to provide the key access via keyrings in the format of a byte array or file, then you should use the class PGPDataFormat.
-
-
Field Summary
Fields (Modifier and Type, Field, Description):
static String COMPRESSION_ALGORITHM
static String ENCRYPTION_ALGORITHM
static String KEY_USERID
static String KEY_USERIDS
static String NUMBER_OF_ENCRYPTION_KEYS
During encryption the number of asymmetric encryption keys is set to this header parameter.
static String NUMBER_OF_SIGNING_KEYS
During signing the number of signing keys is set to this header parameter.
static String SIGNATURE_HASH_ALGORITHM
static String SIGNATURE_KEY_USERID
static String SIGNATURE_KEY_USERIDS
static String SIGNATURE_VERIFICATION_OPTION_IGNORE
Signature verification option "ignore": Used during unmarshaling.
static String SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED
Signature verification option "no signature allowed": Used during unmarshaling.
static String SIGNATURE_VERIFICATION_OPTION_OPTIONAL
Signature verification option "optional": Used during unmarshaling.
static String SIGNATURE_VERIFICATION_OPTION_REQUIRED
Signature verification option "required": Used during unmarshaling.
-
Constructor Summary
Constructors (Constructor, Description):
PGPKeyAccessDataFormat()
-
Method Summary
Methods (Modifier and Type, Method, Description):
protected List<org.bouncycastle.openpgp.PGPSignatureGenerator> createSignatureGenerator(org.apache.camel.Exchange exchange, OutputStream out)
protected List<String> determineEncryptionUserIds(org.apache.camel.Exchange exchange)
protected List<String> determineSignaturenUserIds(org.apache.camel.Exchange exchange)
protected void doStart()
protected void doStop()
protected int findAlgorithm(org.apache.camel.Exchange exchange)
protected int findCompressionAlgorithm(org.apache.camel.Exchange exchange)
protected String findFileName(org.apache.camel.Exchange exchange)
protected int findHashAlgorithm(org.apache.camel.Exchange exchange)
protected String findKeyUserid(org.apache.camel.Exchange exchange)
protected List<String> findKeyUserids(org.apache.camel.Exchange exchange)
protected String findSignatureKeyUserid(org.apache.camel.Exchange exchange)
protected List<String> findSignatureKeyUserids(org.apache.camel.Exchange exchange)
int getAlgorithm()
boolean getArmored()
int getCompressionAlgorithm()
String getDataFormatName()
String getFileName()
Returns the file name for the literal packet.
int getHashAlgorithm()
boolean getIntegrity()
String getKeyUserid()
List<String> getKeyUserids()
String getProvider()
PGPPublicKeyAccessor getPublicKeyAccessor()
PGPSecretKeyAccessor getSecretKeyAccessor()
protected org.bouncycastle.openpgp.PGPOnePassSignature getSignature(org.apache.camel.Exchange exchange, org.bouncycastle.openpgp.PGPOnePassSignatureList signatureList)
String getSignatureKeyUserid()
List<String> getSignatureKeyUserids()
String getSignatureVerificationOption()
protected org.bouncycastle.openpgp.PGPSignature getSignatureWithKeyId(long keyID, org.bouncycastle.openpgp.PGPSignatureList sigList)
boolean isWithCompressedDataPacket()
void marshal(org.apache.camel.Exchange exchange, Object graph, OutputStream outputStream)
void setAlgorithm(int algorithm)
Symmetric key algorithm for encryption (marshaling).
void setArmored(boolean armored)
Sets if the encrypted file should be written in ascii visible text (for marshaling).
void setCompressionAlgorithm(int compressionAlgorithm)
Compression algorithm used during marshaling.
void setFileName(String fileName)
Sets the file name for the literal data packet.
void setHashAlgorithm(int hashAlgorithm)
Digest algorithm for signing (marshaling).
void setIntegrity(boolean integrity)
Whether or not to add an integrity check/sign to the encrypted file for marshaling.
void setKeyUserid(String keyUserid)
User ID, or more precisely user ID part, of the key used for encryption.
void setKeyUserids(List<String> keyUserids)
Keys User IDs, or more precisely user ID parts, used for determining the public keys for encryption.
void setProvider(String provider)
Java Cryptography Extension (JCE) provider, default is Bouncy Castle ("BC").
void setPublicKeyAccessor(PGPPublicKeyAccessor publicKeyAccessor)
void setSecretKeyAccessor(PGPSecretKeyAccessor secretKeyAccessor)
void setSignatureKeyUserid(String signatureKeyUserid)
Userid, or more precisely user ID part, of the signature key used for signing (marshal) and verifying (unmarshal).
void setSignatureKeyUserids(List<String> signatureKeyUserids)
User IDs, or more precisely user ID parts, used for signing and verification.
void setSignatureVerificationOption(String signatureVerificationOption)
Signature verification option.
void setWithCompressedDataPacket(boolean withCompressedDataPacket)
Indicator that Compressed Data packet shall be added during encryption.
Object unmarshal(org.apache.camel.Exchange exchange, InputStream encryptedStream)
-
Methods inherited from class org.apache.camel.support.service.BaseService
build, doBuild, doFail, doInit, doLifecycleChange, doResume, doShutdown, doSuspend, fail, getStatus, init, isBuild, isInit, isNew, isRunAllowed, isShutdown, isStarted, isStarting, isStartingOrStarted, isStopped, isStopping, isStoppingOrStopped, isSuspended, isSuspending, isSuspendingOrSuspended, resume, shutdown, start, stop, suspend
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
-
-
-
Field Detail
-
KEY_USERID
public static final String KEY_USERID
- See Also:
- Constant Field Values
-
KEY_USERIDS
public static final String KEY_USERIDS
- See Also:
- Constant Field Values
-
SIGNATURE_KEY_USERID
public static final String SIGNATURE_KEY_USERID
- See Also:
- Constant Field Values
-
SIGNATURE_KEY_USERIDS
public static final String SIGNATURE_KEY_USERIDS
- See Also:
- Constant Field Values
-
ENCRYPTION_ALGORITHM
public static final String ENCRYPTION_ALGORITHM
- See Also:
- Constant Field Values
-
SIGNATURE_HASH_ALGORITHM
public static final String SIGNATURE_HASH_ALGORITHM
- See Also:
- Constant Field Values
-
COMPRESSION_ALGORITHM
public static final String COMPRESSION_ALGORITHM
- See Also:
- Constant Field Values
-
SIGNATURE_VERIFICATION_OPTION_OPTIONAL
public static final String SIGNATURE_VERIFICATION_OPTION_OPTIONAL
Signature verification option "optional": Used during unmarshaling. The PGP message may or may not contain signatures. If it does contain signatures then one of them is verified. This is the default option.
- See Also:
- Constant Field Values
-
SIGNATURE_VERIFICATION_OPTION_REQUIRED
public static final String SIGNATURE_VERIFICATION_OPTION_REQUIRED
Signature verification option "required": Used during unmarshaling. It is checked that the PGP message does contain at least one signature. If this is not the case a PGPException is thrown. One of the contained signatures is verified.
- See Also:
- Constant Field Values
-
SIGNATURE_VERIFICATION_OPTION_IGNORE
public static final String SIGNATURE_VERIFICATION_OPTION_IGNORE
Signature verification option "ignore": Used during unmarshaling. If the PGP message contains signatures then they are ignored. No verification takes place.
- See Also:
- Constant Field Values
-
SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED
public static final String SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED
Signature verification option "no signature allowed": Used during unmarshaling. It is checked that the PGP message does not contain any signatures. If this is not the case a PGPException is thrown.
- See Also:
- Constant Field Values
-
NUMBER_OF_ENCRYPTION_KEYS
public static final String NUMBER_OF_ENCRYPTION_KEYS
During encryption the number of asymmetric encryption keys is set to this header parameter. The value is of type Integer.
- See Also:
- Constant Field Values
-
NUMBER_OF_SIGNING_KEYS
public static final String NUMBER_OF_SIGNING_KEYS
During signing the number of signing keys is set to this header parameter. This corresponds to the number of signatures. The value is of type Integer.
- See Also:
- Constant Field Values
-
-
Method Detail
-
getDataFormatName
public String getDataFormatName()
- Specified by: getDataFormatName in interface org.apache.camel.spi.DataFormatName
-
findKeyUserid
protected String findKeyUserid(org.apache.camel.Exchange exchange)
-
findSignatureKeyUserid
protected String findSignatureKeyUserid(org.apache.camel.Exchange exchange)
-
findSignatureKeyUserids
protected List<String> findSignatureKeyUserids(org.apache.camel.Exchange exchange)
-
findCompressionAlgorithm
protected int findCompressionAlgorithm(org.apache.camel.Exchange exchange)
-
findAlgorithm
protected int findAlgorithm(org.apache.camel.Exchange exchange)
-
findHashAlgorithm
protected int findHashAlgorithm(org.apache.camel.Exchange exchange)
-
findFileName
protected String findFileName(org.apache.camel.Exchange exchange)
-
marshal
public void marshal(org.apache.camel.Exchange exchange, Object graph, OutputStream outputStream) throws Exception
- Specified by: marshal in interface org.apache.camel.spi.DataFormat
- Throws:
Exception
-
determineEncryptionUserIds
protected List<String> determineEncryptionUserIds(org.apache.camel.Exchange exchange)
-
determineSignaturenUserIds
protected List<String> determineSignaturenUserIds(org.apache.camel.Exchange exchange)
-
createSignatureGenerator
protected List<org.bouncycastle.openpgp.PGPSignatureGenerator> createSignatureGenerator(org.apache.camel.Exchange exchange, OutputStream out) throws Exception
- Throws:
Exception
-
unmarshal
public Object unmarshal(org.apache.camel.Exchange exchange, InputStream encryptedStream) throws Exception
- Specified by: unmarshal in interface org.apache.camel.spi.DataFormat
- Throws:
Exception
-
getSignatureWithKeyId
protected org.bouncycastle.openpgp.PGPSignature getSignatureWithKeyId(long keyID, org.bouncycastle.openpgp.PGPSignatureList sigList)
-
getSignature
protected org.bouncycastle.openpgp.PGPOnePassSignature getSignature(org.apache.camel.Exchange exchange, org.bouncycastle.openpgp.PGPOnePassSignatureList signatureList) throws Exception
- Throws:
Exception
-
setArmored
public void setArmored(boolean armored)
Sets whether the encrypted file should be written in ASCII visible text (for marshaling).
-
getArmored
public boolean getArmored()
-
setIntegrity
public void setIntegrity(boolean integrity)
Whether or not to add an integrity check/sign to the encrypted file for marshaling.
-
getIntegrity
public boolean getIntegrity()
-
setKeyUserid
public void setKeyUserid(String keyUserid)
User ID, or more precisely user ID part, of the key used for encryption. See also setKeyUserids(List).
-
getKeyUserid
public String getKeyUserid()
-
setKeyUserids
public void setKeyUserids(List<String> keyUserids)
Key User IDs, or more precisely user ID parts, used for determining the public keys for encryption. If you just have one User ID, then you can also use the method setKeyUserid(String). The User ID specified in setKeyUserid(String) and in this method will be merged together, and the public keys which have a User ID which contains a value of the specified User IDs will be used for the encryption. Be aware that you may get several public keys even if you specify only one User ID, because there can be several public keys which have a User ID which contains the specified User ID.
-
setSignatureKeyUserid
public void setSignatureKeyUserid(String signatureKeyUserid)
User ID, or more precisely user ID part, of the signature key used for signing (marshal) and verifying (unmarshal). See also setSignatureKeyUserids(List).
-
getSignatureKeyUserid
public String getSignatureKeyUserid()
-
setSignatureKeyUserids
public void setSignatureKeyUserids(List<String> signatureKeyUserids)
User IDs, or more precisely user ID parts, used for signing and verification.
In the signing case, the User IDs specify the private keys which are used for signing. If the result is several private keys, then several signatures will be created. If you just have one signature User ID, then you can also use the method setSignatureKeyUserid(String) or this method. The User ID specified in setSignatureKeyUserid(String) and in this method will be merged together, and the private keys which have a User ID which contains one value out of the specified User IDs will be used for the signature creation. Be aware that you may get several private keys even if you specify only one User ID, because there can be several private keys which have a User ID which contains the specified User ID.
In the verification case, the User IDs restrict the set of public keys which can be used for verification. The public keys used for verification must contain a User ID which contains one value of the User ID list. If you specify no value either in this method or in the method setSignatureKeyUserid(String), then any public key in the public key ring will be taken into consideration for the verification.
If you just have one User ID, then you can also use the method setSignatureKeyUserid(String). The User ID specified in setSignatureKeyUserid(String) and in this method will be merged together, and the corresponding public keys represent the potential keys for the verification of the message.
-
getProvider
public String getProvider()
-
setProvider
public void setProvider(String provider)
Java Cryptography Extension (JCE) provider, default is Bouncy Castle ("BC"). Alternatively you can use, for example, the IAIK JCE provider; in this case the provider must be registered beforehand and the Bouncy Castle provider must not be registered beforehand. The Sun JCE provider does not work.
-
getCompressionAlgorithm
public int getCompressionAlgorithm()
-
setCompressionAlgorithm
public void setCompressionAlgorithm(int compressionAlgorithm)
Compression algorithm used during marshaling. Possible values are defined in CompressionAlgorithmTags. Default value is ZIP.
-
getHashAlgorithm
public int getHashAlgorithm()
-
setHashAlgorithm
public void setHashAlgorithm(int hashAlgorithm)
Digest algorithm for signing (marshaling). Possible values are defined in HashAlgorithmTags. Default value is SHA1.
-
getAlgorithm
public int getAlgorithm()
-
setAlgorithm
public void setAlgorithm(int algorithm)
Symmetric key algorithm for encryption (marshaling). Possible values are defined in SymmetricKeyAlgorithmTags. Default value is CAST5.
-
getPublicKeyAccessor
public PGPPublicKeyAccessor getPublicKeyAccessor()
-
setPublicKeyAccessor
public void setPublicKeyAccessor(PGPPublicKeyAccessor publicKeyAccessor)
-
getSecretKeyAccessor
public PGPSecretKeyAccessor getSecretKeyAccessor()
-
setSecretKeyAccessor
public void setSecretKeyAccessor(PGPSecretKeyAccessor secretKeyAccessor)
-
getSignatureVerificationOption
public String getSignatureVerificationOption()
-
isWithCompressedDataPacket
public boolean isWithCompressedDataPacket()
-
setWithCompressedDataPacket
public void setWithCompressedDataPacket(boolean withCompressedDataPacket)
Indicator that Compressed Data packet shall be added during encryption. The default value is true. If false then the compression algorithm (see setCompressionAlgorithm(int)) is ignored.
-
setSignatureVerificationOption
public void setSignatureVerificationOption(String signatureVerificationOption)
Signature verification option. Controls the behavior for the signature verification during unmarshaling. Possible values are SIGNATURE_VERIFICATION_OPTION_OPTIONAL, SIGNATURE_VERIFICATION_OPTION_REQUIRED, SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED, and SIGNATURE_VERIFICATION_OPTION_IGNORE. The default value is SIGNATURE_VERIFICATION_OPTION_OPTIONAL.
- Parameters:
signatureVerificationOption - signature verification option
- Throws:
IllegalArgumentException
- if an invalid value is entered
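The defaults documented on this page (signature verification "optional", SHA1 digest, CAST5 cipher, and any key in the public key ring accepted for verification when no signature User IDs are set) are permissive for a channel that expects signed messages. The following is an added example, not code from the Camel project, showing one way to tighten them using only the setters listed here; the class name HardenedPgpFormats and the caller-supplied accessors and User ID parts are assumptions.

```java
import java.util.List;

import org.apache.camel.converter.crypto.PGPKeyAccessDataFormat;
import org.apache.camel.converter.crypto.PGPPublicKeyAccessor;
import org.apache.camel.converter.crypto.PGPSecretKeyAccessor;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;

// Added example (hypothetical class name); the accessors are supplied by the caller.
public final class HardenedPgpFormats {

    private HardenedPgpFormats() {
    }

    // Marshal side: encrypt for the partner, sign with our own key.
    public static PGPKeyAccessDataFormat forSending(PGPPublicKeyAccessor publicKeys,
            PGPSecretKeyAccessor secretKeys, String partnerUserIdPart, String ownUserIdPart) {
        PGPKeyAccessDataFormat df = new PGPKeyAccessDataFormat();
        df.setPublicKeyAccessor(publicKeys);   // resolves the partner's encryption key
        df.setSecretKeyAccessor(secretKeys);   // resolves our signing key
        // User ID parts are matched by containment, so pass the most specific part
        // available (e.g. the full "<address>") to avoid selecting unintended keys.
        df.setKeyUserid(partnerUserIdPart);
        df.setSignatureKeyUserid(ownUserIdPart);
        df.setAlgorithm(SymmetricKeyAlgorithmTags.AES_256); // instead of the CAST5 default
        df.setHashAlgorithm(HashAlgorithmTags.SHA256);      // instead of the SHA1 default
        df.setIntegrity(true);                              // add the integrity check
        return df;
    }

    // Unmarshal side: decrypt and insist on a signature from a pinned signer.
    public static PGPKeyAccessDataFormat forReceiving(PGPPublicKeyAccessor publicKeys,
            PGPSecretKeyAccessor secretKeys, List<String> trustedSignerUserIdParts) {
        if (trustedSignerUserIdParts == null || trustedSignerUserIdParts.isEmpty()) {
            // With no signer User IDs, any key in the public key ring may verify.
            throw new IllegalArgumentException("at least one signer User ID part is required");
        }
        PGPKeyAccessDataFormat df = new PGPKeyAccessDataFormat();
        df.setPublicKeyAccessor(publicKeys);
        df.setSecretKeyAccessor(secretKeys);
        df.setSignatureKeyUserids(trustedSignerUserIdParts);
        // The default "optional" accepts unsigned messages; "required" rejects them.
        df.setSignatureVerificationOption(
                PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_REQUIRED);
        return df;
    }
}
```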
-
getFileName
public String getFileName()
Returns the file name for the literal packet. Cannot be null.
-
setFileName
public void setFileName(String fileName)
Sets the file name for the literal data packet. Can be overwritten by the header Exchange.FILE_NAME. The default value is "_CONSOLE". "_CONSOLE" indicates that the message is considered to be "for your eyes only". This advises that the message data is unusually sensitive, and the receiving program should process it more carefully, perhaps avoiding storing the received data to disk, for example.
Only used for marshaling.
- Parameters:
fileName
- Throws:
IllegalArgumentException - if fileName is null
-
doStart
protected void doStart() throws Exception
- Overrides: doStart in class org.apache.camel.support.service.BaseService
- Throws:
Exception
-
-