camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ningji...@apache.org
Subject [1/2] git commit: CAMEL-6875 Added PGPPassphraseAccessor to support more sophsiticate keyring with thanks to Franz
Date Tue, 22 Oct 2013 10:15:43 GMT
Updated Branches:
  refs/heads/camel-2.12.x 3b2da77ea -> d1d4b81a2


CAMEL-6875 Added PGPPassphraseAccessor to support more sophsiticate keyring with thanks to
Franz


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/d8784008
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/d8784008
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/d8784008

Branch: refs/heads/camel-2.12.x
Commit: d878400812f3b38620c1a645448a93fb0b75cc28
Parents: 3b2da77
Author: Willem Jiang <ningjiang@apache.org>
Authored: Mon Oct 21 18:05:02 2013 +0800
Committer: Willem Jiang <willem.jiang@gmail.com>
Committed: Tue Oct 22 18:10:54 2013 +0800

----------------------------------------------------------------------
 .../camel/converter/crypto/PGPDataFormat.java   | 122 ++++++++++----
 .../converter/crypto/PGPDataFormatUtil.java     | 163 ++++++++++++++++---
 .../converter/crypto/PGPPassphraseAccessor.java |  34 ++++
 .../crypto/PGPPassphraseAccessorDefault.java    |  54 ++++++
 .../converter/crypto/PGPDataFormatTest.java     |  28 ++--
 .../crypto/SpringPGPDataFormatTest.xml          |  16 +-
 .../apache/camel/component/crypto/pubring.gpg   | Bin 1184 -> 2814 bytes
 .../apache/camel/component/crypto/secring.gpg   | Bin 2562 -> 5570 bytes
 8 files changed, 343 insertions(+), 74 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/d8784008/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormat.java
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormat.java
b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormat.java
index e6d8921..c14c5c8 100644
--- a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormat.java
+++ b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormat.java
@@ -111,20 +111,30 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
 
     private boolean armored;
     private boolean integrity = true;
-    
-    /** Digest algorithm for signing (marshal).
-     * Possible values are defined in {@link HashAlgorithmTags}.
-     * Default value is SHA1.
+
+    /**
+     * Digest algorithm for signing (marshal). Possible values are defined in
+     * {@link HashAlgorithmTags}. Default value is SHA1.
      */
     private int hashAlgorithm = HashAlgorithmTags.SHA1;
-    
+
     /**
-     * Symmetric key algorithm for encryption (marschal).
-     * Possible values are defined in {@link SymmetricKeyAlgorithmTags}.
-     * Default value is CAST5.
+     * Symmetric key algorithm for encryption (marschal). Possible values are
+     * defined in {@link SymmetricKeyAlgorithmTags}. Default value is CAST5.
      */
     private int algorithm = SymmetricKeyAlgorithmTags.CAST5;
 
+    /**
+     * If no passpharase can be found from the parameter <tt>password</tt> or
+     * <tt>signaturePassword</tt> or from the header
+     * {@link #SIGNATURE_KEY_PASSWORD} or {@link #KEY_PASSWORD} then we try to
+     * get the password from the passphrase accessor. This is especially useful
+     * in the decrypt case, where we chose the private key according to the key
+     * Id stored in the encrypted data. So in this case we do not know the user
+     * Id in advance.
+     */
+    private PGPPassphraseAccessor passphraseAccessor;
+
     public PGPDataFormat() {
     }
 
@@ -141,7 +151,15 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
     }
 
     protected String findKeyPassword(Exchange exchange) {
-        return exchange.getIn().getHeader(KEY_PASSWORD, getPassword(), String.class);
+        String keyPassword = exchange.getIn().getHeader(KEY_PASSWORD, getPassword(), String.class);
+        if (keyPassword != null) {
+            return keyPassword;
+        }
+        if (passphraseAccessor != null) {
+            return passphraseAccessor.getPassphrase(findKeyUserid(exchange));
+        } else {
+            return null;
+        }
     }
 
     protected String findSignatureKeyFileName(Exchange exchange) {
@@ -157,9 +175,17 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
     }
 
     protected String findSignatureKeyPassword(Exchange exchange) {
-        return exchange.getIn().getHeader(SIGNATURE_KEY_PASSWORD, getSignaturePassword(),
String.class);
+        String sigPassword = exchange.getIn().getHeader(SIGNATURE_KEY_PASSWORD, getSignaturePassword(),
String.class);
+        if (sigPassword != null) {
+            return sigPassword;
+        }
+        if (passphraseAccessor != null) {
+            return passphraseAccessor.getPassphrase(findSignatureKeyUserid(exchange));
+        } else {
+            return null;
+        }
     }
-    
+
     protected int findAlgorithm(Exchange exchange) {
         return exchange.getIn().getHeader(ENCRYPTION_ALGORITHM, getAlgorithm(), Integer.class);
     }
@@ -231,13 +257,14 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
             return null;
         }
 
-        PGPSecretKey sigSecretKey = PGPDataFormatUtil.findSecretKey(exchange.getContext(),
sigKeyFileName, sigKeyRing, sigKeyPassword, getProvider());
+        PGPSecretKey sigSecretKey = PGPDataFormatUtil.findSecretKey(exchange.getContext(),
sigKeyFileName, sigKeyRing, sigKeyPassword,
+                sigKeyUserid, getProvider());
         if (sigSecretKey == null) {
             throw new IllegalArgumentException("Signature secret key is null, cannot proceed");
         }
 
-        PGPPrivateKey sigPrivateKey = sigSecretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(getProvider()).build(
-                sigKeyPassword.toCharArray()));
+        PGPPrivateKey sigPrivateKey = sigSecretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(getProvider())
+                .build(sigKeyPassword.toCharArray()));
         if (sigPrivateKey == null) {
             throw new IllegalArgumentException("Signature private key is null, cannot proceed");
         }
@@ -259,15 +286,10 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
             return null;
         }
 
-        PGPPrivateKey key = PGPDataFormatUtil.findPrivateKey(exchange.getContext(), findKeyFileName(exchange),
-                findEncryptionKeyRing(exchange), encryptedStream, findKeyPassword(exchange),
getProvider());
-        if (key == null) {
-            throw new IllegalArgumentException("Private key is null, cannot proceed");
-        }
-
         InputStream in;
         try {
             byte[] encryptedData = IOUtils.toByteArray(encryptedStream);
+            //TODO why do we need a byte array input stream? --> streaming not possible?
             InputStream byteStream = new ByteArrayInputStream(encryptedData);
             in = PGPUtil.getDecoderStream(byteStream);
         } finally {
@@ -286,11 +308,21 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
         }
         IOHelper.close(in);
 
-        PGPPublicKeyEncryptedData pbe = (PGPPublicKeyEncryptedData) enc.get(0);
+        PGPPublicKeyEncryptedData pbe = null;
+        PGPPrivateKey key = null;
+        // find encrypted data for which a private key exists in the secret key ring
+        for (int i = 0; i < enc.size() && key == null; i++) {
+            pbe = (PGPPublicKeyEncryptedData) enc.get(i);
+            key = PGPDataFormatUtil.findPrivateKeyWithKeyId(exchange.getContext(), findKeyFileName(exchange),
+                    findEncryptionKeyRing(exchange), pbe.getKeyID(), findKeyPassword(exchange),
getPassphraseAccessor(), getProvider());
+        }
+        if (key == null) {
+            throw new PGPException("Provided input is encrypted with unknown pair of keys.");
+        }
+
         InputStream encData = pbe.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(getProvider()).build(key));
         pgpFactory = new PGPObjectFactory(encData);
         PGPCompressedData comData = (PGPCompressedData) pgpFactory.nextObject();
-
         pgpFactory = new PGPObjectFactory(comData.getDataStream());
         Object object = pgpFactory.nextObject();
 
@@ -305,6 +337,7 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
         PGPLiteralData ld = (PGPLiteralData) object;
         InputStream litData = ld.getInputStream();
 
+        //TODO we should enable streaming here with CashedOutputStream!!
         byte[] answer;
         try {
             answer = Streams.readAll(litData);
@@ -315,7 +348,7 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
         if (signature != null) {
             signature.update(answer);
             PGPSignatureList sigList = (PGPSignatureList) pgpFactory.nextObject();
-            if (!signature.verify(sigList.get(0))) {
+            if (!signature.verify(getSignatureWithKeyId(signature.getKeyID(), sigList)))
{
                 throw new SignatureException("Cannot verify PGP signature");
             }
         }
@@ -323,18 +356,37 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
         return answer;
     }
 
+    protected PGPSignature getSignatureWithKeyId(long keyID, PGPSignatureList sigList) {
+        for (int i = 0; i < sigList.size(); i++) {
+            PGPSignature signature = sigList.get(i);
+            if (keyID == signature.getKeyID()) {
+                return signature;
+            }
+        }
+        throw new IllegalStateException("PGP signature is inconsistent");
+    }
+
     protected PGPOnePassSignature getSignature(Exchange exchange, PGPOnePassSignatureList
signatureList) throws IOException, PGPException,
             NoSuchProviderException {
 
-        PGPPublicKey sigPublicKey = PGPDataFormatUtil.findPublicKey(exchange.getContext(),
findSignatureKeyFileName(exchange),
-                findSignatureKeyRing(exchange), findSignatureKeyUserid(exchange), false);
-        if (sigPublicKey == null) {
-            throw new IllegalArgumentException("Signature public key is null, cannot proceed");
+        for (int i = 0; i < signatureList.size(); i++) {
+            PGPOnePassSignature signature = signatureList.get(i);
+            // Determine public key from signature keyId
+            PGPPublicKey sigPublicKey = PGPDataFormatUtil.findPublicKeyWithKeyId(exchange.getContext(),
findSignatureKeyFileName(exchange),
+                    findSignatureKeyRing(exchange), signature.getKeyID(), false);
+            if (sigPublicKey == null) {
+                continue;
+            }
+            // choose that signature for which a public key exists!
+            signature.init(new JcaPGPContentVerifierBuilderProvider().setProvider(getProvider()),
sigPublicKey);
+            return signature;
+        }
+        if (signatureList.isEmpty()) {
+            return null;
+        } else {
+            throw new IllegalArgumentException("No public key found fitting to the signature
key Id; cannot verify the signature");
         }
 
-        PGPOnePassSignature signature = signatureList.get(0);
-        signature.init(new JcaPGPContentVerifierBuilderProvider().setProvider(getProvider()),
sigPublicKey);
-        return signature;
     }
 
     /**
@@ -448,8 +500,6 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
     public void setProvider(String provider) {
         this.provider = provider;
     }
-    
-    
 
     public int getHashAlgorithm() {
         return hashAlgorithm;
@@ -467,6 +517,14 @@ public class PGPDataFormat extends ServiceSupport implements DataFormat
{
         this.algorithm = algorithm;
     }
 
+    public PGPPassphraseAccessor getPassphraseAccessor() {
+        return passphraseAccessor;
+    }
+
+    public void setPassphraseAccessor(PGPPassphraseAccessor passphraseAccessor) {
+        this.passphraseAccessor = passphraseAccessor;
+    }
+
     @Override
     protected void doStart() throws Exception {
         if (Security.getProvider(BC) == null && BC.equals(getProvider())) {

http://git-wip-us.apache.org/repos/asf/camel/blob/d8784008/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormatUtil.java
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormatUtil.java
b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormatUtil.java
index 1dfa33a..bff00ad 100644
--- a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormatUtil.java
+++ b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPDataFormatUtil.java
@@ -50,8 +50,9 @@ public final class PGPDataFormatUtil {
     private PGPDataFormatUtil() {
     }
 
-    public static PGPPublicKey findPublicKey(CamelContext context, String filename, String
userid, boolean forEncryption) throws IOException, PGPException,
-            NoSuchProviderException {
+    @Deprecated
+    public static PGPPublicKey findPublicKey(CamelContext context, String filename, String
userid, boolean forEncryption)
+        throws IOException, PGPException, NoSuchProviderException {
         return findPublicKey(context, filename, null, userid, forEncryption);
     }
 
@@ -68,6 +69,57 @@ public final class PGPDataFormatUtil {
         return pubKey;
     }
 
+    public static PGPPublicKey findPublicKeyWithKeyId(CamelContext context, String filename,
byte[] keyRing, long keyid,
+            boolean forEncryption) throws IOException, PGPException, NoSuchProviderException
{
+        InputStream is = determineKeyRingInputStream(context, filename, keyRing, forEncryption);
+        PGPPublicKey pubKey;
+        try {
+            pubKey = findPublicKeyWithKeyId(is, keyid);
+        } finally {
+            IOHelper.close(is);
+        }
+        return pubKey;
+    }
+
+    public static PGPPrivateKey findPrivateKeyWithKeyId(CamelContext context, String filename,
byte[] secreteKeyRing, long keyid,
+            String passphrase, PGPPassphraseAccessor passpraseAccessor, String provider)
throws IOException, PGPException,
+            NoSuchProviderException {
+        InputStream is = determineKeyRingInputStream(context, filename, secreteKeyRing, true);
+        try {
+            return findPrivateKeyWithKeyId(is, keyid, passphrase, passpraseAccessor, provider);
+        } finally {
+            IOHelper.close(is);
+        }
+    }
+
+    private static PGPPrivateKey findPrivateKeyWithKeyId(InputStream keyringInput, long keyid,
String passphrase,
+            PGPPassphraseAccessor passphraseAccessor, String provider) throws IOException,
PGPException {
+        PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyringInput));
+        for (Iterator<?> i = pgpSec.getKeyRings(); i.hasNext();) {
+            Object data = i.next();
+            if (data instanceof PGPSecretKeyRing) {
+                PGPSecretKeyRing keyring = (PGPSecretKeyRing) data;
+                PGPSecretKey secKey = keyring.getSecretKey();
+                if (secKey != null && keyid == secKey.getKeyID()) {
+                    if (passphrase == null && passphraseAccessor != null) {
+                        // get passphrase from accessor
+                        @SuppressWarnings("unchecked")
+                        Iterator<String> userIDs = secKey.getUserIDs();
+                        while (passphrase == null && userIDs.hasNext()) {
+                            passphrase = passphraseAccessor.getPassphrase(userIDs.next());
+                        }
+                    }
+                    PGPPrivateKey privateKey = secKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(provider).build(
+                            passphrase.toCharArray()));
+                    if (privateKey != null) {
+                        return privateKey;
+                    }
+                }
+            }
+        }
+        return null;
+    }
+
     private static InputStream determineKeyRingInputStream(CamelContext context, String filename,
byte[] keyRing, boolean forEncryption)
         throws IOException {
         if (filename != null && keyRing != null) {
@@ -90,6 +142,24 @@ public final class PGPDataFormatUtil {
     }
 
     @SuppressWarnings("unchecked")
+    private static PGPPublicKey findPublicKeyWithKeyId(InputStream input, long keyid) throws
IOException, PGPException,
+            NoSuchProviderException {
+        PGPPublicKeyRingCollection pgpSec = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(input));
+
+        for (Iterator<PGPPublicKeyRing> keyRingIter = pgpSec.getKeyRings(); keyRingIter.hasNext();)
{
+            PGPPublicKeyRing keyRing = keyRingIter.next();
+            for (Iterator<PGPPublicKey> keyIter = keyRing.getPublicKeys(); keyIter.hasNext();)
{
+                PGPPublicKey key = keyIter.next();
+                if (keyid == key.getKeyID()) {
+                    return key;
+                }
+            }
+        }
+
+        return null;
+    }
+
+    @SuppressWarnings("unchecked")
     private static PGPPublicKey findPublicKey(InputStream input, String userid, boolean forEncryption)
throws IOException, PGPException,
             NoSuchProviderException {
         PGPPublicKeyRingCollection pgpSec = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(input));
@@ -99,17 +169,17 @@ public final class PGPDataFormatUtil {
             PGPPublicKeyRing keyRing = keyRingIter.next();
 
             Iterator<PGPPublicKey> keyIter = keyRing.getPublicKeys();
-            String keyUserId = null;
             while (keyIter.hasNext()) {
                 PGPPublicKey key = keyIter.next();
                 for (Iterator<String> iterator = key.getUserIDs(); iterator.hasNext();)
{
-                    keyUserId = iterator.next();
-                }
-                if (keyUserId != null && keyUserId.contains(userid)) {
-                    if (forEncryption && key.isEncryptionKey()) {
-                        return key;
-                    } else if (!forEncryption && isSignatureKey(key)) {
-                        return key;
+                    String keyUserId = iterator.next();
+                    // there can be serveral user IDs!
+                    if (keyUserId != null && keyUserId.contains(userid)) {
+                        if (forEncryption && key.isEncryptionKey()) {
+                            return key;
+                        } else if (!forEncryption && isSignatureKey(key)) {
+                            return key;
+                        }
                     }
                 }
             }
@@ -123,26 +193,36 @@ public final class PGPDataFormatUtil {
         return algorithm == RSA_GENERAL || algorithm == RSA_SIGN || algorithm == DSA || algorithm
== ECDSA || algorithm == ELGAMAL_GENERAL;
     }
 
+    @Deprecated
     public static PGPPrivateKey findPrivateKey(CamelContext context, String keychainFilename,
InputStream encryptedInput, String passphrase)
         throws IOException, PGPException, NoSuchProviderException {
         return findPrivateKey(context, keychainFilename, null, encryptedInput, passphrase,
"BC");
     }
 
+    @Deprecated
     public static PGPPrivateKey findPrivateKey(CamelContext context, String keychainFilename,
byte[] secKeyRing,
-        InputStream encryptedInput, String passphrase, String provider) throws IOException,
PGPException, NoSuchProviderException {
+            InputStream encryptedInput, String passphrase, String provider) throws IOException,
PGPException, NoSuchProviderException {
+        return findPrivateKey(context, keychainFilename, secKeyRing, encryptedInput, passphrase,
null, provider);
+    }
+
+    @Deprecated
+    public static PGPPrivateKey findPrivateKey(CamelContext context, String keychainFilename,
byte[] secKeyRing,
+            InputStream encryptedInput, String passphrase, PGPPassphraseAccessor passphraseAccessor,
String provider) throws IOException,
+            PGPException, NoSuchProviderException {
 
         InputStream keyChainInputStream = determineKeyRingInputStream(context, keychainFilename,
secKeyRing, true);
         PGPPrivateKey privKey = null;
         try {
-            privKey = findPrivateKey(keyChainInputStream, encryptedInput, passphrase, provider);
+            privKey = findPrivateKey(keyChainInputStream, encryptedInput, passphrase, passphraseAccessor,
provider);
         } finally {
             IOHelper.close(keyChainInputStream);
         }
         return privKey;
     }
 
-    private static PGPPrivateKey findPrivateKey(InputStream keyringInput, InputStream encryptedInput,
String passphrase, String provider) throws IOException,
-            PGPException, NoSuchProviderException {
+    @Deprecated
+    private static PGPPrivateKey findPrivateKey(InputStream keyringInput, InputStream encryptedInput,
String passphrase,
+            PGPPassphraseAccessor passphraseAccessor, String provider) throws IOException,
PGPException, NoSuchProviderException {
         PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyringInput));
         PGPObjectFactory factory = new PGPObjectFactory(PGPUtil.getDecoderStream(encryptedInput));
         PGPEncryptedDataList enc;
@@ -163,7 +243,16 @@ public final class PGPDataFormatUtil {
             encryptedData = (PGPPublicKeyEncryptedData) encryptedDataObjects.next();
             PGPSecretKey pgpSecKey = pgpSec.getSecretKey(encryptedData.getKeyID());
             if (pgpSecKey != null) {
-                privateKey = pgpSecKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(provider).build(passphrase.toCharArray()));
+                if (passphrase == null && passphraseAccessor != null) {
+                    // get passphrase from accessor
+                    @SuppressWarnings("unchecked")
+                    Iterator<String> userIDs = pgpSecKey.getUserIDs();
+                    while (passphrase == null && userIDs.hasNext()) {
+                        passphrase = passphraseAccessor.getPassphrase(userIDs.next());
+                    }
+                }
+                privateKey = pgpSecKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(provider).build(
+                        passphrase.toCharArray()));
             }
         }
         if (privateKey == null && pgpSec.size() > 0 && encryptedData !=
null) {
@@ -172,25 +261,34 @@ public final class PGPDataFormatUtil {
         return privateKey;
     }
 
-    public static PGPSecretKey findSecretKey(CamelContext context, String keychainFilename,
String passphrase)
-        throws IOException, PGPException, NoSuchProviderException {
+    @Deprecated
+    public static PGPSecretKey findSecretKey(CamelContext context, String keychainFilename,
String passphrase) throws IOException,
+            PGPException, NoSuchProviderException {
         return findSecretKey(context, keychainFilename, null, passphrase, "BC");
     }
 
-    public static PGPSecretKey findSecretKey(CamelContext context, String keychainFilename,
byte[] secKeyRing, String passphrase, String provider)
-        throws IOException, PGPException, NoSuchProviderException {
-
+    public static PGPSecretKey findSecretKey(CamelContext context, String keychainFilename,
byte[] secKeyRing, String passphrase,
+            String userId, String provider) throws IOException, PGPException, NoSuchProviderException
{
         InputStream keyChainInputStream = determineKeyRingInputStream(context, keychainFilename,
secKeyRing, false);
         PGPSecretKey secKey = null;
         try {
-            secKey = findSecretKey(keyChainInputStream, passphrase, provider);
+            secKey = findSecretKey(keyChainInputStream, passphrase, userId, provider);
         } finally {
             IOHelper.close(keyChainInputStream);
         }
         return secKey;
     }
 
-    private static PGPSecretKey findSecretKey(InputStream keyringInput, String passphrase,
String provider) throws IOException, PGPException, NoSuchProviderException {
+    @Deprecated
+    public static PGPSecretKey findSecretKey(CamelContext context, String keychainFilename,
byte[] secKeyRing, String passphrase,
+            String provider) throws IOException, PGPException, NoSuchProviderException {
+
+        return findSecretKey(context, keychainFilename, secKeyRing, passphrase, null, provider);
+    }
+
+    @SuppressWarnings("unchecked")
+    private static PGPSecretKey findSecretKey(InputStream keyringInput, String passphrase,
String userId, String provider)
+        throws IOException, PGPException, NoSuchProviderException {
         PGPSecretKey pgpSecKey = null;
         PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyringInput));
         for (Iterator<?> i = pgpSec.getKeyRings(); i.hasNext() && pgpSecKey
== null;) {
@@ -198,9 +296,24 @@ public final class PGPDataFormatUtil {
             if (data instanceof PGPSecretKeyRing) {
                 PGPSecretKeyRing keyring = (PGPSecretKeyRing) data;
                 PGPSecretKey secKey = keyring.getSecretKey();
-                PGPPrivateKey privateKey = secKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(provider).build(passphrase.toCharArray()));
-                if (privateKey != null) {
-                    pgpSecKey = secKey;
+                if (userId != null) {
+                    for (Iterator<String> iterator = secKey.getUserIDs(); iterator.hasNext();)
{
+                        String keyUserId = iterator.next();
+                        // there can be serveral user IDs!
+                        if (keyUserId != null && keyUserId.contains(userId)) {
+                            PGPPrivateKey privateKey = secKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(provider)
+                                    .build(passphrase.toCharArray()));
+                            if (privateKey != null) {
+                                return secKey;
+                            }
+                        }
+                    }
+                } else {
+                    PGPPrivateKey privateKey = secKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(provider).build(
+                            passphrase.toCharArray()));
+                    if (privateKey != null) {
+                        pgpSecKey = secKey;
+                    }
                 }
             }
         }

http://git-wip-us.apache.org/repos/asf/camel/blob/d8784008/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java
b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java
new file mode 100644
index 0000000..4bd6b8f
--- /dev/null
+++ b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.converter.crypto;
+
+/**
+ * Access to the password for a user Id.
+ * 
+ */
+public interface PGPPassphraseAccessor {
+
+    /**
+     * Returns the passphrase for a user Id
+     * 
+     * @param userId
+     *            user Id, can be <code>null</code>
+     * @return the passphrase for the user Id, or <code>null</code> if the
+     *         passphrase cannot be found
+     */
+    String getPassphrase(String userId);
+}

http://git-wip-us.apache.org/repos/asf/camel/blob/d8784008/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java
b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java
new file mode 100644
index 0000000..6796ccd
--- /dev/null
+++ b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.converter.crypto;
+
+import java.util.Map;
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import org.apache.camel.util.ObjectHelper;
+
+public class PGPPassphraseAccessorDefault implements PGPPassphraseAccessor {
+
+    private final Map<String, String> userId2Passphrase;
+
+    public PGPPassphraseAccessorDefault(Map<String, String> userId2Passphrase) {
+        ObjectHelper.notNull(userId2Passphrase, "userIdPassphrase");
+
+        this.userId2Passphrase = userId2Passphrase;
+    }
+
+    @Override
+    public String getPassphrase(String userId) {
+        return userId2Passphrase.get(userId);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/camel/blob/d8784008/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/PGPDataFormatTest.java
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/PGPDataFormatTest.java
b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/PGPDataFormatTest.java
index e890d53..a739a42 100644
--- a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/PGPDataFormatTest.java
+++ b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/PGPDataFormatTest.java
@@ -19,6 +19,8 @@ package org.apache.camel.converter.crypto;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Collections;
+import java.util.Map;
 
 import org.apache.camel.builder.RouteBuilder;
 import org.apache.camel.util.IOHelper;
@@ -106,7 +108,7 @@ public class PGPDataFormatTest extends AbstractPGPDataFormatTest {
                 from("direct:inline")
                         .marshal().pgp(keyFileName, keyUserid)
                         .to("mock:encrypted")
-                        .unmarshal().pgp(keyFileNameSec, keyUserid, keyPassword)
+                        .unmarshal().pgp(keyFileNameSec, null, keyPassword)
                         .to("mock:unencrypted");
                 // END SNIPPET: pgp-format
 
@@ -119,7 +121,7 @@ public class PGPDataFormatTest extends AbstractPGPDataFormatTest {
 
                 PGPDataFormat pgpDecrypt = new PGPDataFormat();
                 pgpDecrypt.setKeyFileName(keyFileNameSec);
-                pgpDecrypt.setKeyUserid(keyUserid);
+               // pgpDecrypt.setKeyUserid(keyUserid);
                 pgpDecrypt.setPassword(keyPassword);
                 pgpDecrypt.setProvider(getProvider());
 
@@ -132,7 +134,7 @@ public class PGPDataFormatTest extends AbstractPGPDataFormatTest {
                 from("direct:inline-armor")
                         .marshal().pgp(keyFileName, keyUserid, null, true, true)
                         .to("mock:encrypted")
-                        .unmarshal().pgp(keyFileNameSec, keyUserid, keyPassword, true, true)
+                        .unmarshal().pgp(keyFileNameSec, null, keyPassword, true, true)
                         .to("mock:unencrypted");
                 // END SNIPPET: pgp-format-header
 
@@ -141,8 +143,9 @@ public class PGPDataFormatTest extends AbstractPGPDataFormatTest {
                 pgpSignAndEncrypt.setKeyFileName(keyFileName);
                 pgpSignAndEncrypt.setKeyUserid(keyUserid);
                 pgpSignAndEncrypt.setSignatureKeyFileName(keyFileNameSec);
+                PGPPassphraseAccessor passphraseAccessor = getPassphraseAccessor();
                 pgpSignAndEncrypt.setSignatureKeyUserid(keyUserid);
-                pgpSignAndEncrypt.setSignaturePassword(keyPassword);
+                pgpSignAndEncrypt.setPassphraseAccessor(passphraseAccessor);
                 pgpSignAndEncrypt.setProvider(getProvider());
                 pgpSignAndEncrypt.setAlgorithm(getAlgorithm());
                 pgpSignAndEncrypt.setHashAlgorithm(getHashAlgorithm());
@@ -150,10 +153,8 @@ public class PGPDataFormatTest extends AbstractPGPDataFormatTest {
 
                 PGPDataFormat pgpVerifyAndDecrypt = new PGPDataFormat();
                 pgpVerifyAndDecrypt.setKeyFileName(keyFileNameSec);
-                pgpVerifyAndDecrypt.setKeyUserid(keyUserid);
                 pgpVerifyAndDecrypt.setPassword(keyPassword);
                 pgpVerifyAndDecrypt.setSignatureKeyFileName(keyFileName);
-                pgpVerifyAndDecrypt.setSignatureKeyUserid(keyUserid);
                 pgpVerifyAndDecrypt.setProvider(getProvider());
 
                 from("direct:inline-sign")
@@ -172,8 +173,7 @@ public class PGPDataFormatTest extends AbstractPGPDataFormatTest {
 
                 PGPDataFormat pgpDecryptByteArray = new PGPDataFormat();
                 pgpDecryptByteArray.setEncryptionKeyRing(getSecKeyRing());
-                pgpDecryptByteArray.setKeyUserid(keyUserid);
-                pgpDecryptByteArray.setPassword(keyPassword);
+                pgpDecryptByteArray.setPassphraseAccessor(passphraseAccessor);
                 pgpDecryptByteArray.setProvider(getProvider());
 
                 from("direct:key-ring-byte-array").marshal(pgpEncryptByteArray).to("mock:encrypted").unmarshal(pgpDecryptByteArray)
@@ -191,10 +191,8 @@ public class PGPDataFormatTest extends AbstractPGPDataFormatTest {
                 pgpSignAndEncryptByteArray.setHashAlgorithm(HashAlgorithmTags.RIPEMD160);
 
                 PGPDataFormat pgpVerifyAndDecryptByteArray = new PGPDataFormat();
-                pgpVerifyAndDecryptByteArray.setKeyUserid(keyUserid);
-                pgpVerifyAndDecryptByteArray.setPassword(keyPassword);
+                pgpVerifyAndDecryptByteArray.setPassphraseAccessor(passphraseAccessor);
                 pgpVerifyAndDecryptByteArray.setEncryptionKeyRing(getSecKeyRing());
-                pgpVerifyAndDecryptByteArray.setSignatureKeyUserid(keyUserid);
                 pgpVerifyAndDecryptByteArray.setProvider(getProvider());
 
                 from("direct:sign-key-ring-byte-array")
@@ -208,6 +206,8 @@ public class PGPDataFormatTest extends AbstractPGPDataFormatTest {
                         .removeHeader(PGPDataFormat.SIGNATURE_KEY_RING).to("mock:unencrypted");
                 // END SNIPPET: pgp-format-signature-key-ring-byte-array
             }
+
+           
         };
     }
 
@@ -226,5 +226,11 @@ public class PGPDataFormatTest extends AbstractPGPDataFormatTest {
         output.close();
         return output.toByteArray();
     }
+    
+    public static PGPPassphraseAccessor getPassphraseAccessor() {
+        Map<String, String> userId2Passphrase = Collections.singletonMap("Super <sdude@nowhere.net>",
"sdude");
+        PGPPassphraseAccessor passphraseAccessor = new PGPPassphraseAccessorDefault(userId2Passphrase);
+        return passphraseAccessor;
+    }
 
 }

http://git-wip-us.apache.org/repos/asf/camel/blob/d8784008/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringPGPDataFormatTest.xml
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringPGPDataFormatTest.xml
b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringPGPDataFormatTest.xml
index 38d8c39..fcc15ac 100644
--- a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringPGPDataFormatTest.xml
+++ b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringPGPDataFormatTest.xml
@@ -28,7 +28,7 @@
       <pgp id="encrypt" keyFileName="org/apache/camel/component/crypto/pubring.gpg"
            keyUserid="sdude@nowhere.net"/>
       <pgp id="decrypt" keyFileName="org/apache/camel/component/crypto/secring.gpg"
-           keyUserid="sdude@nowhere.net" password="sdude"/>
+           password="sdude"/>
     </dataFormats>
 
     <route>
@@ -56,20 +56,24 @@
       <property name="algorithm" value="7"/> <!-- AES128  algorithm -->
    </bean>
    
-   <bean id="decryptBean" class="org.apache.camel.converter.crypto.PGPDataFormat">
-      <property name="keyUserid" value="sdude@nowhere.net"/>  
+   <bean id="decryptBean" class="org.apache.camel.converter.crypto.PGPDataFormat">

       <property name="encryptionKeyRing" ref="secKeyRing"/>
-      <property name="password" value="sdude"/>
+      <property name="passphraseAccessor" ref="passphraseAccessorBean"/>
    </bean>
    
-   <!-- bean represents the publik key ring as byte array -->
+   <!-- bean represents the public key ring as byte array -->
    <bean id="pubKeyRing"
 		class="org.apache.camel.converter.crypto.PGPDataFormatTest"
 		factory-method="getPublicKeyRing" />
 		
-	<!-- bean represents the secure key ring as byte array -->	
+	<!-- bean represents the secret key ring as byte array -->	
    <bean id="secKeyRing"
 		class="org.apache.camel.converter.crypto.PGPDataFormatTest"
 		factory-method="getSecKeyRing" />
+        
+    <!-- bean passphrase accessor  -->
+     <bean id="passphraseAccessorBean"
+        class="org.apache.camel.converter.crypto.PGPDataFormatTest"
+        factory-method="getPassphraseAccessor" />
     <!-- END SNIPPET:  pgp-xml-data-format-bean-with-keyring-bytearray -->
 </beans>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/camel/blob/d8784008/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/pubring.gpg
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/pubring.gpg
b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/pubring.gpg
index 4b3e405..21029c6 100644
Binary files a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/pubring.gpg
and b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/pubring.gpg
differ

http://git-wip-us.apache.org/repos/asf/camel/blob/d8784008/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/secring.gpg
----------------------------------------------------------------------
diff --git a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/secring.gpg
b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/secring.gpg
index d631be3..36af553 100644
Binary files a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/secring.gpg
and b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/secring.gpg
differ


Mime
View raw message