org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider Java Examples

The following examples show how to use org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider. Each example is preceded by the source file and the project it was taken from.
Example #1
Source File: PackageBuilderTest.java    From dropwizard-debpkg-maven-plugin with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a package, unpacks the ar archive and checks the embedded {@code _gpgorigin}
 * signature against the first key of the bundled {@code public.asc} keyring.
 *
 * <p>The signature is verified over the three archive members fed to it in a fixed order:
 * {@code debian-binary}, {@code control.tar.gz}, {@code data.tar.gz}. The first signature
 * in the file and the first key in the keyring are used without any further selection.
 */
@Test
public void testPackageSignature() throws IOException, PackagingException, PGPException, SignatureException, org.bouncycastle.openpgp.PGPException, NoSuchProviderException {
    final Resource payload = new StringResource("hello world", true, "/tmp/test.txt", USER, USER, TarEntry.DEFAULT_FILE_MODE);
    final File debFile = createPackage(ImmutableList.<Resource>of(payload));

    final File packageDir = temporaryFolder.newFolder();
    ArchiveUtils.extractAr(debFile, packageDir);

    // The detached signature travels inside the package as its own ar member.
    final File pgpSignatureFile = new File(packageDir, "_gpgorigin");
    assertTrue(pgpSignatureFile.exists());

    // Both streams are closed in reverse order of opening, as with nested try blocks.
    try (final InputStream keyringIn = PGPUtil.getDecoderStream(PackageBuilderTest.class.getResourceAsStream("public.asc"));
         final InputStream signatureIn = PGPUtil.getDecoderStream(new FileInputStream(pgpSignatureFile))) {
        final PGPPublicKeyRing firstRing = (PGPPublicKeyRing) new BcPGPPublicKeyRingCollection(keyringIn).getKeyRings().next();
        final PGPPublicKey publicKey = firstRing.getPublicKey();

        final PGPSignatureList signatures = (PGPSignatureList) new BcPGPObjectFactory(signatureIn).nextObject();
        final PGPSignature signature = signatures.get(0);
        signature.init(new BcPGPContentVerifierBuilderProvider(), publicKey);

        // Member order matters: the signature covers the concatenation in exactly this order.
        for (final String member : new String[] {"debian-binary", "control.tar.gz", "data.tar.gz"}) {
            signature.update(Files.asByteSource(new File(packageDir, member)).read());
        }

        assertTrue(signature.verify());
    }
}
 
Example #2
Source File: Marksdb.java    From nomulus with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that {@code signature} is a valid PGP signature by {@code publicKey} over
 * {@code data}, and fails loudly otherwise.
 *
 * <p>The caller decides which key is trusted: this method only proves that the given key
 * produced the signature. Signature type, creation time and expiry are not inspected here.
 *
 * @param data the signed bytes
 * @param signature the encoded signature, parsed by {@code pgpExtractSignature}
 * @param publicKey the key the signature is expected to come from
 * @throws PGPException if Bouncy Castle cannot initialise or evaluate the signature
 * @throws SignatureException if the signature does not verify; the message carries a hex
 *     dump of the signature bytes
 */
private static void pgpVerifySignature(byte[] data, byte[] signature, PGPPublicKey publicKey)
    throws PGPException, SignatureException {
  // NOTE(review): the Bc* operator classes are the lightweight API and should not need the
  // JCA provider; this registration is kept as-is and may be there for pgpExtractSignature
  // or other callers - confirm before removing.
  Security.addProvider(new BouncyCastleProvider());
  PGPSignature detached = pgpExtractSignature(signature);
  detached.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
  detached.update(data);
  boolean valid = detached.verify();
  if (valid) {
    return;
  }
  throw new SignatureException(String.format(
      "MarksDB PGP signature verification failed.\n%s",
      dumpHex(signature)));
}
 
Example #3
Source File: BouncyCastleTest.java    From nomulus with Apache License 2.0 5 votes vote down vote up
/**
 * Round-trips a detached signature: signs a fixed text, parses the encoded signature back,
 * then checks that it verifies for the signed text and is rejected for a different text.
 */
@Test
public void testSignVerify_Detached() throws Exception {
  // Key material comes from the PUBLIC_KEY / PRIVATE_KEY fixtures.
  PGPPublicKeyRing pubRing = new BcPGPPublicKeyRing(PUBLIC_KEY);
  PGPSecretKeyRing secRing = new BcPGPSecretKeyRing(PRIVATE_KEY);
  PGPPublicKey publicKey = pubRing.getPublicKey();
  PGPPrivateKey privateKey = extractPrivateKey(secRing.getSecretKey());
  byte[] signedText = FALL_OF_HYPERION_A_DREAM.getBytes(UTF_8);

  // Produce the detached signature and keep its encoding in "signatureFileData".
  // Note: RSA_GENERAL will encrypt AND sign. RSA_SIGN and RSA_ENCRYPT are deprecated.
  BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(RSA_GENERAL, SHA256);
  PGPSignatureGenerator signer = new PGPSignatureGenerator(signerBuilder);
  signer.init(PGPSignature.BINARY_DOCUMENT, privateKey);
  addUserInfoToSignature(publicKey, signer);
  signer.update(signedText);
  ByteArrayOutputStream encoded = new ByteArrayOutputStream();
  signer.generate().encode(encoded);
  byte[] signatureFileData = encoded.toByteArray();
  logger.atInfo().log(".sig file data: %s", dumpHex(signatureFileData));

  // Parse the signature packet back out of "signatureFileData"; exactly one is expected.
  PGPSignature sig;
  try (ByteArrayInputStream input = new ByteArrayInputStream(signatureFileData)) {
    PGPObjectFactory parser = new BcPGPObjectFactory(input);
    PGPSignatureList parsed = (PGPSignatureList) parser.nextObject();
    assertThat(parsed.size()).isEqualTo(1);
    sig = parsed.get(0);
  }

  // Positive case: "sig" verifies under "publicKey" for the text that was signed.
  sig.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
  sig.update(signedText);
  assertThat(sig.verify()).isTrue();

  // Negative case: the same signature must be rejected for the text "hello monster".
  // init() is called again before the second message is fed in.
  sig.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
  sig.update("hello monster".getBytes(UTF_8));
  assertThat(sig.verify()).isFalse();
}
 
Example #4
Source File: BcGpgDoer.java    From jeka with Apache License 2.0 5 votes vote down vote up
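/**
 * Verifies a detached PGP signature over the content of a stream.
 *
 * <p>Only the first signature found in {@code signatureStream} is checked, using the key
 * from {@code keyInputStream} whose key ID matches that signature. A {@code true} result
 * means that key signed exactly these bytes; it does not say the key is one the caller
 * should trust, so the keyring must come from a trusted source. Signature type, expiry and
 * key revocation are not examined here.
 *
 * <p>None of the three streams is closed by this method.
 *
 * @param streamToVerify the signed content
 * @param signatureStream the signature, armored or binary, optionally wrapped in a
 *        compressed-data packet
 * @param keyInputStream a public keyring, armored or binary
 * @return {@code true} if the signature verifies over the content, {@code false} otherwise
 * @throws IllegalArgumentException if {@code signatureStream} does not yield a non-empty
 *         signature list
 * @throws PGPException if the keyring holds no key for the signature's key ID, or if
 *         Bouncy Castle fails to parse or evaluate the data
 * @throws IOException if reading any of the streams fails
 */
static boolean verify(InputStream streamToVerify, InputStream signatureStream,
        InputStream keyInputStream) throws IOException, PGPException {

    final InputStream sigInputStream = PGPUtil.getDecoderStream(new BufferedInputStream(
            signatureStream));

    final KeyFingerPrintCalculator fingerPrintCalculator = new JcaKeyFingerprintCalculator();
    final PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(sigInputStream,
            fingerPrintCalculator);
    Object gpgObject = pgpObjectFactory.nextObject();
    if (gpgObject == null) {
        throw new IllegalArgumentException("no PGP signature found in " + sigInputStream);
    }
    if (gpgObject instanceof PGPCompressedData) {
        // The signature list may be wrapped in one compressed-data packet; unwrap it.
        final PGPCompressedData compressedData = (PGPCompressedData) gpgObject;
        final PGPObjectFactory compressedPgpObjectFactory = new PGPObjectFactory(
                compressedData.getDataStream(), fingerPrintCalculator);
        gpgObject = compressedPgpObjectFactory.nextObject();
    }
    // Reject anything that is not a signature list with a clear error instead of letting
    // a ClassCastException or NullPointerException escape on malformed input.
    if (!(gpgObject instanceof PGPSignatureList)) {
        throw new IllegalArgumentException("expected a PGP signature list but found "
                + (gpgObject == null ? "nothing" : gpgObject.getClass().getName()));
    }
    final PGPSignatureList signatureList = (PGPSignatureList) gpgObject;
    if (signatureList.isEmpty()) {
        throw new IllegalArgumentException("PGP signature list is empty");
    }

    final PGPPublicKeyRingCollection pgpPubRingCollection = new PGPPublicKeyRingCollection(
            PGPUtil.getDecoderStream(keyInputStream), fingerPrintCalculator);
    final InputStream bufferedStream = new BufferedInputStream(streamToVerify);
    final PGPSignature signature = signatureList.get(0);
    final PGPPublicKey publicKey = pgpPubRingCollection.getPublicKey(signature.getKeyID());
    if (publicKey == null) {
        // Without the signer's key nothing can be verified; fail closed with a clear
        // message rather than passing null into signature.init().
        throw new PGPException("no public key with id 0x"
                + Long.toHexString(signature.getKeyID()) + " found in the supplied keyring");
    }

    final PGPContentVerifierBuilderProvider builderProvider = new BcPGPContentVerifierBuilderProvider();
    signature.init(builderProvider, publicKey);
    int character;
    while ((character = bufferedStream.read()) >= 0) {
        signature.update((byte) character);
    }
    return signature.verify();
}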
 
Example #5
Source File: PublicKeyUtils.java    From pgpverify-maven-plugin with Apache License 2.0 5 votes vote down vote up
/**
 * Requires that {@code subKey} carries at least one signature of the relevant type that
 * verifies under a key from {@code publicKeyRing}.
 *
 * <p>The type checked is {@code SUBKEY_REVOCATION} when the subkey reports a revocation and
 * {@code SUBKEY_BINDING} otherwise. A signature that fails verification is only logged at
 * debug level; the method fails when none of them verifies.
 *
 * <p>NOTE(review): for a revoked subkey, success here means the revocation itself is
 * authentic, not that the subkey may be used. Callers presumably evaluate revocation
 * separately - confirm.
 *
 * @param subKey the subkey whose binding or revocation signatures are checked
 * @param publicKeyRing the ring in which the issuing key is looked up by key ID
 * @throws PGPException if an issuing key is missing from the ring or no signature of the
 *         checked type verifies
 */
private static void verifySigForSubKey(PGPPublicKey subKey, PGPPublicKeyRing publicKeyRing) throws PGPException {

    final int signatureTypeToCheck;
    if (subKey.hasRevocation()) {
        signatureTypeToCheck = PGPSignature.SUBKEY_REVOCATION;
    } else {
        signatureTypeToCheck = PGPSignature.SUBKEY_BINDING;
    }

    // Set from inside the lambda below, hence the mutable holder.
    AtomicBoolean verified = new AtomicBoolean(false);

    Iterator<?> candidates = subKey.getSignaturesOfType(signatureTypeToCheck);
    while (candidates.hasNext()) {
        Object candidate = candidates.next();
        // NOTE(review): how a failure inside the block surfaces depends on Try.get(),
        // which is defined outside this method - confirm it rethrows.
        Try.run(() -> {
            PGPSignature sig = (PGPSignature) candidate;

            PGPPublicKey masterKey = publicKeyRing.getPublicKey(sig.getKeyID());
            if (masterKey == null) {
                throw new PGPException(
                        String.format("Signature type: %d Not found key 0x%016X for subKeyId: %s",
                        sig.getSignatureType(), sig.getKeyID(), fingerprint(subKey)));
            }

            sig.init(new BcPGPContentVerifierBuilderProvider(), masterKey);
            if (sig.verifyCertification(masterKey, subKey)) {
                verified.set(true);
            } else {
                LOGGER.debug("Invalid signature [{}] type: {} for subKey: {}",
                        sig.getCreationTime(), sig.getSignatureType(), fingerprint(subKey));
            }
        }).get();
    }

    if (verified.get()) {
        return;
    }
    throw new PGPException(String.format("No valid signature type: %d for subKey: %s",
            signatureTypeToCheck, fingerprint(subKey)));
}
 
Example #6
Source File: Decryptor.java    From jpgpj with MIT License 4 votes vote down vote up
/**
 * Supplies the content-verifier provider used when checking signatures.
 *
 * <p>A new Bouncy Castle lightweight-API provider is created on every call. The method is
 * {@code protected}, so a subclass can substitute a different provider.
 *
 * @return a fresh {@link BcPGPContentVerifierBuilderProvider}
 */
protected PGPContentVerifierBuilderProvider getVerifierProvider() {
    final PGPContentVerifierBuilderProvider provider = new BcPGPContentVerifierBuilderProvider();
    return provider;
}
 
Example #7
Source File: PGPUtils.java    From tigase-extension with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Checks a signature that {@code publicKey} made over itself: the same key is used both to
 * verify the signature and as the key being certified.
 *
 * <p>Signature type, creation time and expiry are not inspected here.
 *
 * @param publicKey the key acting as signer and subject
 * @param sig the signature to check
 * @return {@code true} if the certification verifies
 * @throws PGPException if the signature cannot be initialised or evaluated
 */
private static boolean verifyKeySignature(PGPPublicKey publicKey, PGPSignature sig) throws PGPException {
    final BcPGPContentVerifierBuilderProvider verifierProvider = new BcPGPContentVerifierBuilderProvider();
    sig.init(verifierProvider, publicKey);
    final boolean selfSigned = sig.verifyCertification(publicKey);
    return selfSigned;
}
 
Example #8
Source File: PGPUtils.java    From tigase-extension with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Checks {@code signerKey}'s certification of the binding between {@code uid} and
 * {@code publicKey}.
 *
 * <p>The signature is initialised with {@code signerKey} and then evaluated over the user
 * ID and the certified key. Whether {@code signerKey} is trusted, and the signature's type
 * and expiry, are left to the caller.
 *
 * @param publicKey the key the user ID is attached to
 * @param sig the certification signature
 * @param signerKey the key expected to have issued the certification
 * @param uid the user ID being certified
 * @return {@code true} if the certification verifies
 * @throws PGPException if the signature cannot be initialised or evaluated
 */
private static boolean verifyUidSignature(PGPPublicKey publicKey, PGPSignature sig, PGPPublicKey signerKey, String uid) throws PGPException {
    final BcPGPContentVerifierBuilderProvider verifierProvider = new BcPGPContentVerifierBuilderProvider();
    sig.init(verifierProvider, signerKey);
    final boolean certified = sig.verifyCertification(uid, publicKey);
    return certified;
}
 
Example #9
Source File: BouncyCastleTest.java    From nomulus with Apache License 2.0 3 votes vote down vote up
/**
 * Round-trips a one-pass signature: writes the one-pass header followed by the signature,
 * parses both back, then checks that verification succeeds for the signed text and fails
 * for a different text.
 */
@Test
public void testSignVerify_OnePass() throws Exception {
  // Key material comes from the PUBLIC_KEY / PRIVATE_KEY fixtures.
  PGPPublicKeyRing pubRing = new BcPGPPublicKeyRing(PUBLIC_KEY);
  PGPSecretKeyRing secRing = new BcPGPSecretKeyRing(PRIVATE_KEY);
  PGPPublicKey publicKey = pubRing.getPublicKey();
  PGPPrivateKey privateKey = extractPrivateKey(secRing.getSecretKey());
  byte[] signedText = FALL_OF_HYPERION_A_DREAM.getBytes(UTF_8);

  // Sign the data; the one-pass header is encoded first, the signature packet after it.
  BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(RSA_GENERAL, SHA256);
  PGPSignatureGenerator signer = new PGPSignatureGenerator(signerBuilder);
  signer.init(PGPSignature.BINARY_DOCUMENT, privateKey);
  addUserInfoToSignature(publicKey, signer);
  ByteArrayOutputStream encoded = new ByteArrayOutputStream();
  signer.generateOnePassVersion(false).encode(encoded);
  signer.update(signedText);
  signer.generate().encode(encoded);
  byte[] signatureFileData = encoded.toByteArray();
  logger.atInfo().log(".sig file data: %s", dumpHex(signatureFileData));

  // Parse both packets back out of "signatureFileData"; exactly one of each is expected.
  PGPSignature sig;
  PGPOnePassSignature onePass;
  try (ByteArrayInputStream input = new ByteArrayInputStream(signatureFileData)) {
    PGPObjectFactory parser = new BcPGPObjectFactory(input);
    PGPOnePassSignatureList parsedOnePass = (PGPOnePassSignatureList) parser.nextObject();
    PGPSignatureList parsedSigs = (PGPSignatureList) parser.nextObject();
    assertThat(parsedOnePass.size()).isEqualTo(1);
    assertThat(parsedSigs.size()).isEqualTo(1);
    onePass = parsedOnePass.get(0);
    sig = parsedSigs.get(0);
  }

  // Positive case: "onePass" plus "sig" verify under "publicKey" for the signed text.
  onePass.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
  onePass.update(signedText);
  assertThat(onePass.verify(sig)).isTrue();

  // Negative case: the same signature must be rejected for the text "hello monster".
  // init() is called again before the second message is fed in.
  onePass.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
  onePass.update("hello monster".getBytes(UTF_8));
  assertThat(onePass.verify(sig)).isFalse();
}