Class PGPKeyAccessDataFormat

java.lang.Object
org.apache.camel.support.service.BaseService
org.apache.camel.support.service.ServiceSupport
org.apache.camel.converter.crypto.PGPKeyAccessDataFormat
All Implemented Interfaces:
AutoCloseable, org.apache.camel.Service, org.apache.camel.ShutdownableService, org.apache.camel.spi.DataFormat, org.apache.camel.spi.DataFormatName, org.apache.camel.StatefulService, org.apache.camel.SuspendableService
Direct Known Subclasses:
PGPDataFormat

public class PGPKeyAccessDataFormat extends org.apache.camel.support.service.ServiceSupport implements org.apache.camel.spi.DataFormat, org.apache.camel.spi.DataFormatName
This PGP Data Format uses the interfaces PGPPublicKeyAccessor and PGPSecretKeyAccessor to access the keys for encryption/signing and decryption/signature verification. These interfaces allow caching of the keys which can improve the performance.

If you want to provide the key access via keyrings in the format of a byte array or file, then you should use the class PGPDataFormat.

  • Field Details

    • KEY_USERID

      public static final String KEY_USERID
    • KEY_USERIDS

      public static final String KEY_USERIDS
    • SIGNATURE_KEY_USERID

      public static final String SIGNATURE_KEY_USERID
    • SIGNATURE_KEY_USERIDS

      public static final String SIGNATURE_KEY_USERIDS
    • ENCRYPTION_ALGORITHM

      public static final String ENCRYPTION_ALGORITHM
    • SIGNATURE_HASH_ALGORITHM

      public static final String SIGNATURE_HASH_ALGORITHM
    • COMPRESSION_ALGORITHM

      public static final String COMPRESSION_ALGORITHM
    • SIGNATURE_VERIFICATION_OPTION_OPTIONAL

      public static final String SIGNATURE_VERIFICATION_OPTION_OPTIONAL
      Signature verification option "optional": Used during unmarshaling. The PGP message may or may not contain signatures. If it does contain signatures, then one of them is verified. This is the default option.
    • SIGNATURE_VERIFICATION_OPTION_REQUIRED

      public static final String SIGNATURE_VERIFICATION_OPTION_REQUIRED
      Signature verification option "required": Used during unmarshaling. It is checked that the PGP message does contain at least one signature. If this is not the case a PGPException is thrown. One of the contained signatures is verified.
    • SIGNATURE_VERIFICATION_OPTION_IGNORE

      public static final String SIGNATURE_VERIFICATION_OPTION_IGNORE
      Signature verification option "ignore": Used during unmarshaling. If the PGP message contains signatures then they are ignored. No verification takes place.
    • SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED

      public static final String SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED
      Signature verification option "no signature allowed": Used during unmarshaling. It is checked that the PGP message does not contain any signatures. If this is not the case a PGPException is thrown.
    • NUMBER_OF_ENCRYPTION_KEYS

      public static final String NUMBER_OF_ENCRYPTION_KEYS
      During encryption the number of asymmetric encryption keys is set to this header parameter. The value is of type Integer.
    • NUMBER_OF_SIGNING_KEYS

      public static final String NUMBER_OF_SIGNING_KEYS
      During signing the number of signing keys is set to this header parameter. This corresponds to the number of signatures. The value is of type Integer.
  • Constructor Details

    • PGPKeyAccessDataFormat

      public PGPKeyAccessDataFormat()
  • Method Details

    • getDataFormatName

      public String getDataFormatName()
      Specified by:
      getDataFormatName in interface org.apache.camel.spi.DataFormatName
    • findKeyUserid

      protected String findKeyUserid(org.apache.camel.Exchange exchange)
    • findKeyUserids

      protected List<String> findKeyUserids(org.apache.camel.Exchange exchange)
    • findSignatureKeyUserid

      protected String findSignatureKeyUserid(org.apache.camel.Exchange exchange)
    • findSignatureKeyUserids

      protected List<String> findSignatureKeyUserids(org.apache.camel.Exchange exchange)
    • findCompressionAlgorithm

      protected int findCompressionAlgorithm(org.apache.camel.Exchange exchange)
    • findAlgorithm

      protected int findAlgorithm(org.apache.camel.Exchange exchange)
    • findHashAlgorithm

      protected int findHashAlgorithm(org.apache.camel.Exchange exchange)
    • findFileName

      protected String findFileName(org.apache.camel.Exchange exchange)
    • marshal

      public void marshal(org.apache.camel.Exchange exchange, Object graph, OutputStream outputStream) throws Exception
      Specified by:
      marshal in interface org.apache.camel.spi.DataFormat
      Throws:
      Exception
    • determineEncryptionUserIds

      protected List<String> determineEncryptionUserIds(org.apache.camel.Exchange exchange)
    • determineSignaturenUserIds

      protected List<String> determineSignaturenUserIds(org.apache.camel.Exchange exchange)
    • createSignatureGenerator

      protected List<org.bouncycastle.openpgp.PGPSignatureGenerator> createSignatureGenerator(org.apache.camel.Exchange exchange, OutputStream out) throws Exception
      Throws:
      Exception
    • unmarshal

      public Object unmarshal(org.apache.camel.Exchange exchange, InputStream encryptedStream) throws Exception
      Specified by:
      unmarshal in interface org.apache.camel.spi.DataFormat
      Throws:
      Exception
    • getSignatureWithKeyId

      protected org.bouncycastle.openpgp.PGPSignature getSignatureWithKeyId(long keyID, org.bouncycastle.openpgp.PGPSignatureList sigList)
    • getSignature

      protected org.bouncycastle.openpgp.PGPOnePassSignature getSignature(org.apache.camel.Exchange exchange, org.bouncycastle.openpgp.PGPOnePassSignatureList signatureList) throws Exception
      Throws:
      Exception
    • setArmored

      public void setArmored(boolean armored)
      Sets whether the encrypted file should be written in ASCII visible text (for marshaling).
    • getArmored

      public boolean getArmored()
    • setIntegrity

      public void setIntegrity(boolean integrity)
      Whether or not to add an integrity check/sign to the encrypted file for marshaling.
    • getIntegrity

      public boolean getIntegrity()
    • setKeyUserid

      public void setKeyUserid(String keyUserid)
      User ID, or more precisely user ID part, of the key used for encryption. See also setKeyUserids(List<String>).
    • getKeyUserid

      public String getKeyUserid()
    • getKeyUserids

      public List<String> getKeyUserids()
    • setKeyUserids

      public void setKeyUserids(List<String> keyUserids)
      Key User IDs, or more precisely user ID parts, used for determining the public keys for encryption. If you just have one User ID, then you can also use the method setKeyUserid(String). The User ID specified in setKeyUserid(String) and the User IDs specified in this method will be merged together, and the public keys which have a User ID containing one of the specified values will be used for the encryption. Be aware that you may get several public keys even if you specify only one User ID, because there can be several public keys which have a User ID which contains the specified User ID.
    • setSignatureKeyUserid

      public void setSignatureKeyUserid(String signatureKeyUserid)
      User ID, or more precisely user ID part, of the signature key used for signing (marshal) and verifying (unmarshal). See also setSignatureKeyUserids(List).
    • getSignatureKeyUserid

      public String getSignatureKeyUserid()
    • getSignatureKeyUserids

      public List<String> getSignatureKeyUserids()
    • setSignatureKeyUserids

      public void setSignatureKeyUserids(List<String> signatureKeyUserids)
      User IDs, or more precisely user ID parts, used for signing and verification.

      In the signing case, the User IDs specify the private keys which are used for signing. If the result is several private keys, then several signatures will be created. If you just have one signature User ID, then you can also use the method setSignatureKeyUserid(String) or this method. The User ID specified in setSignatureKeyUserid(String) and the User IDs specified in this method will be merged together, and the private keys which have a User ID containing one of the specified values will be used for the signature creation. Be aware that you may get several private keys even if you specify only one User ID, because there can be several private keys which have a User ID which contains the specified User ID.

      In the verification case, the User IDs restrict the set of public keys which can be used for verification. The public keys used for verification must contain a User ID which contains one value of the User ID list. If you specify no value either in this method or in the method setSignatureKeyUserid(String), then any public key in the public key ring will be taken into consideration for the verification.

      If you just have one User ID, then you can also use the method setSignatureKeyUserid(String). The User ID specified in setSignatureKeyUserid(String) and in this method will be merged together and the corresponding public keys represent the potential keys for the verification of the message.

    • getProvider

      public String getProvider()
    • setProvider

      public void setProvider(String provider)
      Java Cryptography Extension (JCE) provider, default is Bouncy Castle ("BC"). Alternatively you can use, for example, the IAIK JCE provider; in this case the provider must be registered beforehand and the Bouncy Castle provider must not be registered beforehand. The Sun JCE provider does not work.
    • getCompressionAlgorithm

      public int getCompressionAlgorithm()
    • setCompressionAlgorithm

      public void setCompressionAlgorithm(int compressionAlgorithm)
      Compression algorithm used during marshaling. Possible values are defined in CompressionAlgorithmTags. Default value is ZIP.
    • getHashAlgorithm

      public int getHashAlgorithm()
    • setHashAlgorithm

      public void setHashAlgorithm(int hashAlgorithm)
      Digest algorithm for signing (marshaling). Possible values are defined in HashAlgorithmTags. Default value is SHA1.
    • getAlgorithm

      public int getAlgorithm()
    • setAlgorithm

      public void setAlgorithm(int algorithm)
      Symmetric key algorithm for encryption (marshaling). Possible values are defined in SymmetricKeyAlgorithmTags. Default value is CAST5.
    • getPublicKeyAccessor

      public PGPPublicKeyAccessor getPublicKeyAccessor()
    • setPublicKeyAccessor

      public void setPublicKeyAccessor(PGPPublicKeyAccessor publicKeyAccessor)
    • getSecretKeyAccessor

      public PGPSecretKeyAccessor getSecretKeyAccessor()
    • setSecretKeyAccessor

      public void setSecretKeyAccessor(PGPSecretKeyAccessor secretKeyAccessor)
    • getSignatureVerificationOption

      public String getSignatureVerificationOption()
    • isWithCompressedDataPacket

      public boolean isWithCompressedDataPacket()
    • setWithCompressedDataPacket

      public void setWithCompressedDataPacket(boolean withCompressedDataPacket)
      Indicator that a Compressed Data packet shall be added during encryption. The default value is true. If false, then the compression algorithm (see setCompressionAlgorithm(int)) is ignored.
    • setSignatureVerificationOption

      public void setSignatureVerificationOption(String signatureVerificationOption)
      Signature verification option. Controls the behavior for the signature verification during unmarshaling. Possible values are SIGNATURE_VERIFICATION_OPTION_OPTIONAL, SIGNATURE_VERIFICATION_OPTION_REQUIRED, SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED, and SIGNATURE_VERIFICATION_OPTION_IGNORE. The default value is SIGNATURE_VERIFICATION_OPTION_OPTIONAL.
      Parameters:
      signatureVerificationOption - signature verification option
      Throws:
      IllegalArgumentException - if an invalid value is entered
    • getFileName

      public String getFileName()
      Returns the file name for the literal packet. Cannot be null.
    • setFileName

      public void setFileName(String fileName)
      Sets the file name for the literal data packet. Can be overwritten by the header Exchange.FILE_NAME. The default value is "_CONSOLE". "_CONSOLE" indicates that the message is considered to be "for your eyes only". This advises that the message data is unusually sensitive, and the receiving program should process it more carefully, perhaps avoiding storing the received data to disk, for example.

      Only used for marshaling.

      Parameters:
      fileName -
      Throws:
      IllegalArgumentException - if fileName is null
    • doStart

      protected void doStart() throws Exception
      Overrides:
      doStart in class org.apache.camel.support.service.BaseService
      Throws:
      Exception
    • doStop

      protected void doStop() throws Exception
      Overrides:
      doStop in class org.apache.camel.support.service.BaseService
      Throws:
      Exception
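
Added example (not part of the Camel Javadoc or the project's own code): the defaults documented above are SHA1 for signing, CAST5 for encryption and "optional" signature verification, and with no signature User ID set any public key in the ring may verify a message. The route builder below overrides each of these using only the setters listed on this page. The class name, the `direct:` endpoint names and the two user IDs are constructed for illustration, and the key accessors are assumed to be supplied by the caller.

```java
import java.util.List;

import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.converter.crypto.PGPKeyAccessDataFormat;
import org.apache.camel.converter.crypto.PGPPublicKeyAccessor;
import org.apache.camel.converter.crypto.PGPSecretKeyAccessor;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;

public class HardenedPgpRoutes extends RouteBuilder {

    // Constructed sample user ID parts. Matching is by containment, so use a
    // value specific enough that it cannot match more than one key in the ring.
    private static final String OUR_ID = "<ops@sender.example.org>";
    private static final String PARTNER_ID = "<inbox@partner.example.org>";

    private final PGPPublicKeyAccessor publicKeys;
    private final PGPSecretKeyAccessor secretKeys;

    public HardenedPgpRoutes(PGPPublicKeyAccessor publicKeys, PGPSecretKeyAccessor secretKeys) {
        this.publicKeys = publicKeys;
        this.secretKeys = secretKeys;
    }

    private PGPKeyAccessDataFormat newFormat() {
        PGPKeyAccessDataFormat pgp = new PGPKeyAccessDataFormat();
        pgp.setPublicKeyAccessor(publicKeys);
        pgp.setSecretKeyAccessor(secretKeys);
        pgp.setAlgorithm(SymmetricKeyAlgorithmTags.AES_256); // documented default: CAST5
        pgp.setHashAlgorithm(HashAlgorithmTags.SHA256);      // documented default: SHA1
        pgp.setIntegrity(true);                              // integrity check on encrypted data
        return pgp;
    }

    @Override
    public void configure() {
        // Outbound: encrypt to the partner's public key, sign with our private key.
        PGPKeyAccessDataFormat outbound = newFormat();
        outbound.setKeyUserid(PARTNER_ID);
        outbound.setSignatureKeyUserid(OUR_ID);

        // Inbound: reject unsigned messages and accept only the partner's key
        // for verification instead of any key in the public key ring.
        PGPKeyAccessDataFormat inbound = newFormat();
        inbound.setSignatureKeyUserids(List.of(PARTNER_ID));
        inbound.setSignatureVerificationOption(
                PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_REQUIRED);

        from("direct:pgp-out").marshal(outbound).to("direct:pgp-wire");
        from("direct:pgp-in").unmarshal(inbound).to("direct:pgp-plain");
    }
}
```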