in priam/src/main/java/com/netflix/priam/cryptography/pgp/PgpCryptography.java [97:175]
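/**
 * Decrypts a PGP-encrypted object and returns a stream over its literal (plaintext) payload.
 *
 * <p>The input is passed through {@link PGPUtil#getDecoderStream}, so armored or binary
 * input is accepted. The first packet is expected to be an encrypted-data list, optionally
 * preceded by a marker packet. Each public-key encrypted session packet is tried in order
 * until {@link #findSecretKey} yields a private key unlocked with {@code passwd}; the payload
 * decrypted with that key must be a compressed packet wrapping literal data.
 *
 * <p>Security note: the plaintext stream is returned before the ciphertext has been fully
 * consumed, so the modification-detection code cannot be checked here via
 * {@code PGPPublicKeyEncryptedData.verify()}. A caller that needs tamper detection must
 * validate the decrypted content by other means after draining the returned stream.
 *
 * @param in the encrypted object
 * @param passwd passphrase protecting the PGP private key
 * @param objectName human-readable object name, used only in log and error messages
 * @return a stream over the decrypted, decompressed literal data
 * @throws IllegalStateException if the input does not start with an encrypted-data list, if
 *     fetching the private key fails, or if no private key matches any session packet
 * @throws PGPException if the decrypted payload is not literal data
 * @throws Exception for any other failure raised by the underlying PGP library
 */
public InputStream decryptStream(InputStream in, char[] passwd, String objectName)
        throws Exception {
    logger.info("Start to decrypt object: {}", objectName);
    in = PGPUtil.getDecoderStream(in);
    PGPObjectFactory inPgpReader = new PGPObjectFactory(in);
    PGPEncryptedDataList encryptedDataList = readEncryptedDataList(inPgpReader, objectName);

    // One entry per recipient session key; pick the first one our private key can unlock.
    Iterator<?> encryptedDataIterator = encryptedDataList.getEncryptedDataObjects();
    PGPPrivateKey privateKey = null;
    PGPPublicKeyEncryptedData encryptedDataStreamHandle = null;
    while (privateKey == null && encryptedDataIterator.hasNext()) {
        Object candidate = encryptedDataIterator.next();
        if (!(candidate instanceof PGPPublicKeyEncryptedData)) {
            // e.g. a passphrase-encrypted session packet; not usable with a private key.
            // Previously this would have surfaced as a ClassCastException.
            logger.info(
                    "Skipping unsupported encrypted session packet type {} for object: {}",
                    candidate == null ? "null" : candidate.getClass().getName(),
                    objectName);
            continue;
        }
        encryptedDataStreamHandle = (PGPPublicKeyEncryptedData) candidate;
        try {
            privateKey =
                    findSecretKey(
                            getPgpSecurityCollection(),
                            encryptedDataStreamHandle.getKeyID(),
                            passwd);
        } catch (Exception ex) {
            throw new IllegalStateException(
                    "decryption exception: object: "
                            + objectName
                            + ", Exception when fetching private key using key: "
                            + encryptedDataStreamHandle.getKeyID(),
                    ex);
        }
    }
    if (privateKey == null) {
        throw new IllegalStateException(
                "decryption exception: object: "
                        + objectName
                        + ", Private key for message not found.");
    }

    // Decrypt the session, then unwrap the compressed packet the payload is expected to be.
    InputStream decryptInputStream = encryptedDataStreamHandle.getDataStream(privateKey, "BC");
    PGPObjectFactory decryptedDataReader = new PGPObjectFactory(decryptInputStream);
    Object decrypted = decryptedDataReader.nextObject();
    if (!(decrypted instanceof PGPCompressedData)) {
        throw new PGPException(
                "decryption exception: object: "
                        + objectName
                        + ", decrypted payload is not compressed data - type unknown.");
    }
    PGPCompressedData compressedDataReader = (PGPCompressedData) decrypted;
    InputStream compressedStream =
            new BufferedInputStream(compressedDataReader.getDataStream());
    PGPObjectFactory compressedStreamReader = new PGPObjectFactory(compressedStream);
    Object data = compressedStreamReader.nextObject();
    if (data instanceof PGPLiteralData) {
        // Stream over the decrypted, decompressed payload; MDC is not verified here (see Javadoc).
        return ((PGPLiteralData) data).getInputStream();
    } else if (data instanceof PGPOnePassSignatureList) {
        throw new PGPException(
                "decryption exception: object: "
                        + objectName
                        + ", encrypted data contains a signed message - not literal data.");
    } else {
        throw new PGPException(
                "decryption exception: object: "
                        + objectName
                        + ", data is not a simple encrypted file - type unknown.");
    }
}

/**
 * Reads the leading encrypted-data list, tolerating a single marker packet in front of it.
 *
 * @param reader factory positioned at the start of the PGP stream
 * @param objectName object name for error messages
 * @return the encrypted-data list
 * @throws IllegalStateException if neither the first nor the second packet is an
 *     encrypted-data list (including a stream that ends early)
 */
private static PGPEncryptedDataList readEncryptedDataList(
        PGPObjectFactory reader, String objectName) throws Exception {
    Object first = reader.nextObject();
    if (first instanceof PGPEncryptedDataList) {
        return (PGPEncryptedDataList) first;
    }
    // first object was a marker packet; the real data is the next one.
    Object second = reader.nextObject();
    if (second instanceof PGPEncryptedDataList) {
        return (PGPEncryptedDataList) second;
    }
    throw new IllegalStateException(
            "decryption exception: object: "
                    + objectName
                    + ", input does not start with a PGP encrypted data list (found: "
                    + (second == null ? "end of stream" : second.getClass().getName())
                    + ").");
}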