org.apache.nifi.security.util.crypto

Class OpenPGPKeyBasedEncryptor

java.lang.Object

org.apache.nifi.security.util.crypto.OpenPGPKeyBasedEncryptor

All Implemented Interfaces:

EncryptContent.Encryptor

public class OpenPGPKeyBasedEncryptor
extends Object
implements EncryptContent.Encryptor

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private static class	OpenPGPKeyBasedEncryptor.OpenPGPDecryptCallback
private static class	OpenPGPKeyBasedEncryptor.OpenPGPEncryptCallback

Field Summary

Fields

Modifier and Type	Field and Description
private String	algorithm
private Integer	cipher
private String	filename
private String	keyring
private static org.slf4j.Logger	logger
private char[]	passphrase
private String	provider
private String	userId

Constructor Summary

Constructors

Constructor and Description
OpenPGPKeyBasedEncryptor(String algorithm, Integer cipher, String provider, String keyring, String userId, char[] passphrase, String filename)

Method Summary

Modifier and Type	Method and Description
private static org.bouncycastle.openpgp.PGPPrivateKey	getDecryptedPrivateKey(String provider, String secretKeyringFile, char[] passphrase)
private static org.bouncycastle.openpgp.PGPPrivateKey	getDecryptedPrivateKey(String provider, String secretKeyringFile, long keyId, char[] passphrase)
StreamCallback	getDecryptionCallback()
StreamCallback	getEncryptionCallback()
static org.bouncycastle.openpgp.PGPPublicKey	getPublicKey(String userId, String publicKeyringFile)
void	updateAttributes(Map<String,String> attributes)
static boolean	validateKeyring(String provider, String secretKeyringFile, char[] passphrase) Returns true if the passphrase is valid.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

algorithm

private String algorithm

cipher

private Integer cipher

provider

private String provider

keyring

private String keyring

userId

private String userId

passphrase

private char[] passphrase

filename

private String filename

Constructor Detail

OpenPGPKeyBasedEncryptor

public OpenPGPKeyBasedEncryptor(String algorithm,
                                Integer cipher,
                                String provider,
                                String keyring,
                                String userId,
                                char[] passphrase,
                                String filename)

Method Detail

updateAttributes

public void updateAttributes(Map<String,String> attributes)
                      throws ProcessException

Specified by:

updateAttributes in interface EncryptContent.Encryptor

Throws:

ProcessException

getEncryptionCallback

public StreamCallback getEncryptionCallback()
                                     throws Exception

Specified by:

getEncryptionCallback in interface EncryptContent.Encryptor

Throws:

Exception

getDecryptionCallback

public StreamCallback getDecryptionCallback()
                                     throws Exception

Specified by:

getDecryptionCallback in interface EncryptContent.Encryptor

Throws:

Exception

validateKeyring

public static boolean validateKeyring(String provider,
                                      String secretKeyringFile,
                                      char[] passphrase)
                               throws IOException,
                                      org.bouncycastle.openpgp.PGPException,
                                      NoSuchProviderException

Returns true if the passphrase is valid.

This is used in the EncryptContent custom validation to check if the passphrase can extract a private key from the secret key ring. After BC was upgraded from 1.46 to 1.53, the API changed so this is performed differently but the functionality is equivalent.

Parameters:

provider - the provider name

secretKeyringFile - the file path to the keyring

passphrase - the passphrase

Returns:

true if the passphrase can successfully extract any private key

Throws:

IOException - if there is a problem reading the keyring file

org.bouncycastle.openpgp.PGPException - if there is a problem parsing/extracting the private key

NoSuchProviderException - if the provider is not available

getDecryptedPrivateKey

private static org.bouncycastle.openpgp.PGPPrivateKey getDecryptedPrivateKey(String provider,
                                                                             String secretKeyringFile,
                                                                             char[] passphrase)
                                                                      throws IOException,
                                                                             org.bouncycastle.openpgp.PGPException

Throws:

IOException

org.bouncycastle.openpgp.PGPException

getDecryptedPrivateKey

private static org.bouncycastle.openpgp.PGPPrivateKey getDecryptedPrivateKey(String provider,
                                                                             String secretKeyringFile,
                                                                             long keyId,
                                                                             char[] passphrase)
                                                                      throws IOException,
                                                                             org.bouncycastle.openpgp.PGPException

Throws:

IOException

org.bouncycastle.openpgp.PGPException

getPublicKey

public static org.bouncycastle.openpgp.PGPPublicKey getPublicKey(String userId,
                                                                 String publicKeyringFile)
                                                          throws IOException,
                                                                 org.bouncycastle.openpgp.PGPException

Throws:

IOException

org.bouncycastle.openpgp.PGPException