client/src/main/java/org/apache/qpid/client/message/Encrypted010MessageFactory.java [168:260]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - return unencryptedMessageFactory.createMessage(newDelegate, unencryptedData); } catch (GeneralSecurityException | IOException e) { throw new QpidException("Could not decode encrypted message", e); } } catch(QpidException e) { LOGGER.error("Error when attempting to decrypt message " + delegate.getDeliveryTag() + " to address ("+delegate.getJMSDestination()+"). Message will be delivered to the client encrypted", e); return _messageFactoryRegistry.getDefaultFactory().createMessage(delegate, data); } } private byte[] decryptData(final Cipher cipher, final byte[] encryptedData, final int offset, final int length) throws IOException { final byte[] unencryptedBytes; try (CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(encryptedData, offset, length), cipher)) { byte[] buf = new byte[512]; int pos = 0; int read; while ((read = cipherInputStream.read(buf, pos, buf.length - pos)) != -1) { pos += read; if (pos == buf.length) { byte[] tmp = buf; buf = new byte[buf.length + 512]; System.arraycopy(tmp, 0, buf, 0, tmp.length); } } unencryptedBytes= new byte[pos]; System.arraycopy(buf, 0, unencryptedBytes, 0, pos); } return unencryptedBytes; } private SecretKeySpec getContentEncryptionKey(final Collection keyInfoObjList, final String algorithm, final AMQSession session) throws QpidException, GeneralSecurityException, IOException { for(Object keyInfoObject : keyInfoObjList) { try { Iterator iter = ((Collection)keyInfoObject).iterator(); int type = ((Number)iter.next()).intValue(); switch(type) { case 1: String keyEncryptionAlgorithm = (String) iter.next(); X500Principal issuer = new X500Principal((String)iter.next()); BigInteger serialNumber = new BigInteger((String)iter.next()); byte[] encryptedKey = (byte[])iter.next(); PrivateKey privateKey = getPrivateKey(session, issuer, serialNumber); if(privateKey != null) { Cipher cipher = Cipher.getInstance(keyEncryptionAlgorithm); cipher.init(Cipher.DECRYPT_MODE, privateKey); byte[] decryptedData = decryptData(cipher, encryptedKey, 0, encryptedKey.length); SecretKeySpec keySpec = new SecretKeySpec(decryptedData, algorithm.split("/")[0]); return keySpec; } break; default: throw new QpidException("Invalid format of 'x-qpid-encrypted-keys' - unknown key info type: " + type); } } catch(ClassCastException e) { throw new QpidException("Invalid format of 'x-qpid-encrypted-keys'"); } } return null; } private PrivateKey getPrivateKey(final AMQSession session, final X500Principal issuer, final BigInteger serialNumber) throws GeneralSecurityException, IOException { return session.getMessageEncryptionHelper().getEncryptionPrivateKey(issuer, serialNumber); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - client/src/main/java/org/apache/qpid/client/message/Encrypted091MessageFactory.java [161:252]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - return unencryptedMessageFactory.createMessage(newDelegate, unencryptedData); } catch (GeneralSecurityException | IOException e) { throw new QpidException("Could not decode encrypted message", e); } } catch(QpidException e) { LOGGER.error("Error when attempting to decrypt message " + delegate.getDeliveryTag() + " to address ("+delegate.getJMSDestination()+"). Message will be delivered to the client encrypted", e); return _messageFactoryRegistry.getDefaultFactory().createMessage(delegate, data); } } private byte[] decryptData(final Cipher cipher, final byte[] encryptedData, final int offset, final int length) throws IOException { final byte[] unencryptedBytes; try (CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(encryptedData, offset, length), cipher)) { byte[] buf = new byte[512]; int pos = 0; int read; while ((read = cipherInputStream.read(buf, pos, buf.length - pos)) != -1) { pos += read; if (pos == buf.length) { byte[] tmp = buf; buf = new byte[buf.length + 512]; System.arraycopy(tmp, 0, buf, 0, tmp.length); } } unencryptedBytes= new byte[pos]; System.arraycopy(buf, 0, unencryptedBytes, 0, pos); } return unencryptedBytes; } private SecretKeySpec getContentEncryptionKey(final Collection keyInfoObjList, final String algorithm, final AMQSession session) throws QpidException, GeneralSecurityException, IOException { for(Object keyInfoObject : keyInfoObjList) { try { Iterator iter = ((Collection)keyInfoObject).iterator(); int type = ((Number)iter.next()).intValue(); switch(type) { case 1: String keyEncryptionAlgorithm = (String) iter.next(); X500Principal issuer = new X500Principal((String)iter.next()); BigInteger serialNumber = new BigInteger((String)iter.next()); byte[] encryptedKey = (byte[])iter.next(); PrivateKey privateKey = getPrivateKey(session, issuer, serialNumber); if(privateKey != null) { Cipher cipher = Cipher.getInstance(keyEncryptionAlgorithm); cipher.init(Cipher.DECRYPT_MODE, privateKey); byte[] decryptedData = decryptData(cipher, encryptedKey, 0, encryptedKey.length); SecretKeySpec keySpec = new SecretKeySpec(decryptedData, algorithm.split("/")[0]); return keySpec; } break; default: throw new QpidException("Invalid format of 'x-qpid-encrypted-keys' - unknown key info type: " + type); } } catch(ClassCastException e) { throw new QpidException("Invalid format of 'x-qpid-encrypted-keys'"); } } return null; } private PrivateKey getPrivateKey(final AMQSession session, final X500Principal issuer, final BigInteger serialNumber) throws GeneralSecurityException, IOException { return session.getMessageEncryptionHelper().getEncryptionPrivateKey(issuer, serialNumber); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -