BouncycastleMessageDecryptionVerificationHandler.java

来源：互联网发布：淘宝男内裤买家秀编辑：程序博客网时间：2024/06/04 00:39

https://www.epointsystem.org/trac/epoint_issuer/browser/branches/redcentSpringBranch/redcent-core/src/main/java/de/nachtlicht_media/epoint/redcent/crypto/BouncycastleMessageDecryptionVerificationHandler.java?rev=296

/*******************************************************************************

2 * Copyright (c) 2006-2009 Janis Schuller, Nachtlicht-Media3 * 4 * The software and the associated documentation are licensed under the5 * GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007. For a detailed6 * license description, see LICENSE.7 * 8 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR9 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,10 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE11 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER12 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,13 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN14 * THE SOFTWARE.15 *******************************************************************************/16package de.nachtlicht_media.epoint.redcent.crypto;17 18import java.beans.beancontext.BeanContextSupport;19import java.io.BufferedReader;20import java.io.ByteArrayInputStream;21import java.io.ByteArrayOutputStream;22import java.io.IOException;23import java.io.InputStream;24import java.io.InputStreamReader;25import java.net.URI;26import java.net.URISyntaxException;27import java.util.Iterator;28 29import org.apache.commons.codec.binary.Hex;30import org.apache.commons.logging.Log;31import org.apache.commons.logging.LogFactory;32import org.bouncycastle.bcpg.ArmoredInputStream;33import org.bouncycastle.bcpg.ArmoredOutputStream;34import org.bouncycastle.openpgp.PGPCompressedData;35import org.bouncycastle.openpgp.PGPEncryptedDataList;36import org.bouncycastle.openpgp.PGPException;37import org.bouncycastle.openpgp.PGPLiteralData;38import org.bouncycastle.openpgp.PGPObjectFactory;39import org.bouncycastle.openpgp.PGPOnePassSignature;40import org.bouncycastle.openpgp.PGPOnePassSignatureList;41import org.bouncycastle.openpgp.PGPPrivateKey;42import org.bouncycastle.openpgp.PGPPublicKey;43import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;44import org.bouncycastle.openpgp.PGPPublicKeyRing;45import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;46import org.bouncycastle.openpgp.PGPSecretKey;47import org.bouncycastle.openpgp.PGPSecretKeyRing;48import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;49import org.bouncycastle.openpgp.PGPSignature;50import org.bouncycastle.openpgp.PGPSignatureList;51import org.bouncycastle.openpgp.PGPUtil;52import org.springframework.beans.factory.BeanFactoryUtils;53import org.springframework.beans.factory.annotation.Autowired;54import org.springframework.context.ApplicationContext;55import org.springframework.context.support.ApplicationObjectSupport;56import org.springframework.context.support.StaticApplicationContext;57 58import de.nachtlicht_media.epoint.redcent.AuthorizedIssuer;59import de.nachtlicht_media.epoint.redcent.exception.BadsignatureException;60import de.nachtlicht_media.epoint.redcent.exception.InvalidPGPMessageException;61import de.nachtlicht_media.epoint.redcent.interfaces.AuthorizedIssuerStore;62import de.nachtlicht_media.epoint.redcent.interfaces.MessageDecryptionVerificationHandler;63 64public class BouncycastleMessageDecryptionVerificationHandlerimplements MessageDecryptionVerificationHandler65{66 AuthorizedIssuerStore authorizedIssuerStore;67 68 public static final String THE_KEY_THAT_WAS_USED_TO_SIGN_THE_MESSAGE_IS_NO_MORE_VALID ="The key that was used to sign the message is no more valid.";69 public static final String THE_KEY_THAT_WAS_USED_TO_SIGN_THE_MESSAGE_IS_REVOKED ="The key that was used to sign the message is revoked.";70 71 private static final Log log = LogFactory.getLog(BouncycastleMessageDecryptionVerificationHandler.class);72 73 private byte[] message;74 75 private String clearText =null;76 private String encryptedTo =null;77 private String signedByMaster =null;78 private String signedBy =null;79 private Long keyId = null;80 81 private Boolean signerIsNotary =null;82 private Boolean signerIsAuthorizedIssuer =null;83 private Boolean signerIsIssuersMasterKey=null;84 85 private Boolean isValid =null;86 private Boolean isEncrypted =null;87 private Boolean isClearText =null;88 89 private PGPPublicKeyRingCollection pubRing;90 private PGPSecretKeyRingCollection secRing;91 private String issuersSecretKeyPassword;92 private PGPPublicKeyRingCollection embeddedNotaryPubRing;93 private PGPPublicKeyRing issuerMasterPubRing;94 95 public BouncycastleMessageDecryptionVerificationHandler(AuthorizedIssuerStore authorizedIssuerStore, PGPPublicKeyRingCollection pubRing, PGPSecretKeyRingCollection secRing, String issuersKeyPassword, PGPPublicKeyRing issuerMasterPubRing, PGPPublicKeyRingCollection trustedPubRing)throws Exception96 {97 this.authorizedIssuerStore = authorizedIssuerStore;98 this.pubRing = pubRing;99 this.secRing = secRing;100 this.embeddedNotaryPubRing = trustedPubRing;101 this.issuersSecretKeyPassword = issuersKeyPassword;102 this.issuerMasterPubRing = issuerMasterPubRing;103 }104 105 public synchronized void setMessage(byte[] message)106 {107 if (this.message ==null)108 this.message = message;109 else110 throw new IllegalArgumentException("Multiple calls to setMessage() are not permitted.");111 }112 113 public byte[] getMessage()114 {115 return message;116 }117 118 public void analyse() throws InvalidPGPMessageException119 {120 try121 {122 byte[] decodedMessage = getMessage();//URLDecoder.decode(getMessage(), "UTF-8");123 log.debug("Decoded Message from UTF-8:\n" +new String(decodedMessage, "UTF-8"));124 125 // switch message type: clearSigned or encrypted/signed126 ArmoredInputStream aIn =new ArmoredInputStream(new ByteArrayInputStream(decodedMessage));127 128 if (aIn.isClearText())129 {130 log.debug("Processing clearsigned message...");131 verifyClearSignedMessage(new ByteArrayInputStream(decodedMessage));132 isClearText = Boolean.TRUE;133 }134 else135 {136 log.debug("Processing signed/encrypted message...");137 decrypt(new ByteArrayInputStream(decodedMessage));138 isClearText = Boolean.FALSE;139 }140 }141 catch(Exception ex)142 {143 throw new InvalidPGPMessageException(ex);144 }145 }146 147 private void debugDumpKeyRings(PGPSecretKeyRingCollection secRing, PGPPublicKeyRingCollection pubRing)148 {149 Iterator outIter = pubRing.getKeyRings();150 while(outIter.hasNext())151 {152 PGPPublicKeyRing ring = (PGPPublicKeyRing)outIter.next();153 Iterator iter = ring.getPublicKeys();154 while(iter.hasNext())155 {156 PGPPublicKey publicKey = ((PGPPublicKey)iter.next());157 log.trace("Got public key: " + publicKey.getKeyID() +" algo: " + publicKey.getAlgorithm() +" FingerPrint: " + new String(Hex.encodeHex(publicKey.getFingerprint()))158 + " daysvalid " + publicKey.getValidDays());159 }160 }161 162 outIter = secRing.getKeyRings();163 while(outIter.hasNext())164 {165 PGPSecretKeyRing ring = (PGPSecretKeyRing)outIter.next();166 167 Iterator iter = ring.getSecretKeys();168 while(iter.hasNext())169 {170 PGPSecretKey secretKey = ((PGPSecretKey)iter.next());171 log.trace("Got secret key: " + secretKey.getKeyID() + secretKey.isMasterKey() + secretKey.isSigningKey());172 }173 }174 }175 176 public String getClearText()177 {178 return clearText;179 }180 181 public String getEncryptedTo()182 {183 return encryptedTo;184 }185 186 public String getSigner()187 {188 return signedBy;189 }190 191 public String getSignerMaster()192 {193 return signedByMaster;194 }195 196 public Boolean signerIsAuthorizedIssuer()197 {198 return signerIsAuthorizedIssuer;199 }200 201 public Boolean signerIsNotary()202 {203 return signerIsNotary;204 }205 206 public Boolean signerIsIssuersMasterKey()207 {208 return signerIsIssuersMasterKey;209 }210 211 public Boolean isClearText()212 {213 return isClearText;214 }215 216 public Boolean isEncrypted()217 {218 return isEncrypted;219 }220 221 public Boolean isValid()222 {223 return isValid;224 }225 226 private void decrypt(InputStream in) throws Exception227 {228 // messages are armored...229 ArmoredInputStream aIn =new ArmoredInputStream(in);230 231 PGPObjectFactory fac = new PGPObjectFactory(aIn);232 233 Object o = null;234 235 if((o = fac.nextObject()) !=null)236 {237 log.trace(o);238 239 if (oinstanceof PGPEncryptedDataList)240 {241 PGPEncryptedDataList dl = (PGPEncryptedDataList)o;242 Iterator iter = dl.getEncryptedDataObjects();243 while(iter.hasNext())244 {245 Object dataItem = iter.next();246 247 log.debug("Read next dataItem from PGPEncryptedDataList: " + dataItem);248 249 if (dataIteminstanceof PGPPublicKeyEncryptedData)250 {251 PGPPublicKeyEncryptedData pubEncData = (PGPPublicKeyEncryptedData)dataItem;252 log.debug("Data was encrypted using public key: " + pubEncData.getKeyID());253 254 isEncrypted = Boolean.TRUE;255 256 PGPSecretKey secKey = secRing.getSecretKey(pubEncData.getKeyID());257 if (secKey ==null)258 {259 log.debug("Could not locate private key with id " + pubEncData.getKeyID());260 continue;261 }262 else263 log.debug("Secret key is: " + secKey);264 265 PGPPublicKey pubKey = pubRing.getPublicKey(pubEncData.getKeyID());266 if (pubKey ==null)267 {268 log.debug("Could not locate public key with id " + pubEncData.getKeyID());269 continue;270 }271 272 log.debug("Public key data was encrypted to found: " + pubKey +" using algorithm " + pubKey.getAlgorithm());273 274 encryptedTo = String.valueOf(pubKey.getFingerprint());275 276 PGPPrivateKey privKey = secKey.extractPrivateKey(issuersSecretKeyPassword.toCharArray(),"BC");277 log.debug("Private key is: " + privKey);278 279 log.debug("Reading data... ");280 InputStream dataStream = pubEncData.getDataStream(privKey,"BC");281 282 PGPObjectFactory plainFac = new PGPObjectFactory(dataStream);283 284 Object decO = null;285 if((decO = plainFac.nextObject()) !=null)286 {287 log.trace("Found decrypted Object: " + decO);288 if(decOinstanceof PGPCompressedData)289 {290 PGPCompressedData data = (PGPCompressedData)decO;291 PGPObjectFactory dataFac =new PGPObjectFactory(data.getDataStream());292 293 Object decompO =null;294 while((decompO = dataFac.nextObject()) !=null)295 {296 log.trace("Decrypted decompressed data is: " + decompO);297 if (decompO instanceof PGPLiteralData)298 {299 PGPLiteralData lit = (PGPLiteralData)decompO;300 clearText = extractClearTextFromPGPLiteral(lit);301 log.debug("Extracted cleartext:" + clearText);302 isValid = applyValidityChecks(Boolean.TRUE, pubKey);303 304 return;305 }306 else if (decompOinstanceof PGPOnePassSignatureList)307 {308 PGPOnePassSignatureList sigLst = (PGPOnePassSignatureList)decompO;309 310 for (int i = 0; i < sigLst.size(); i++)311 {312 PGPOnePassSignature sig = sigLst.get(i);313 log.debug("Found signature created with key " + sig.getKeyID() +" type " + sig.getSignatureType());314 315 PGPPublicKey sigVKey = getEmbeddedNotaryPubRing().getPublicKey(sig.getKeyID());316 317 if (sigVKey == null)318 {319 // If it is just a plain public key, it has no rights320 sigVKey = getPubRing().getPublicKey(sig.getKeyID());321 signerIsNotary = Boolean.FALSE;322 signerIsAuthorizedIssuer = Boolean.FALSE;323 324 AuthorizedIssuer ai = authorizedIssuerStore.findAuthorizedIssuerByKeyID(sig.getKeyID());325 if (ai != null) {326 327 ArmoredInputStream aiKeyIn =new ArmoredInputStream(new ByteArrayInputStream(ai.getPublicKey().getBytes("UTF-8")));328 sigVKey =new PGPPublicKeyRing(aiKeyIn).getPublicKey(sig.getKeyID());329 aiKeyIn.close();330 331 if (sigVKey != null) {332 log.debug("Public key for signature verification is " + sigVKey);333 signerIsNotary = ai.hasNotaryRights();334 signerIsAuthorizedIssuer = Boolean.TRUE;335 }336 }337 }338 else339 {340 log.debug("Public key for signature verification is an embedded NOTARY key " + sigVKey);341 signerIsNotary = Boolean.TRUE;342 343 AuthorizedIssuer ai = authorizedIssuerStore.findAuthorizedIssuerByKeyID(findMasterKey(getEmbeddedNotaryPubRing(), sig.getKeyID()).getKeyID());344 345 if (ai != null) {346 if (!ai.hasNotaryRights())347 log.warn("Encoutered embedded notary " + ai.getFingerprint() +" who does does not have notary rights granted in authorizedIssuerStore!");348 349 signerIsAuthorizedIssuer = Boolean.TRUE;350 }351 }352 353 // verify if this signature was created by the issuer's master key354 PGPPublicKey sigIssuerMasterKey = issuerMasterPubRing.getPublicKey(sig.getKeyID());355 signerIsIssuersMasterKey = (sigIssuerMasterKey !=null);356 357 358 signedBy =new String(Hex.encodeHex(sigVKey.getFingerprint())).toUpperCase();359 360 if (sigVKey.isMasterKey())361 signedByMaster =new String(Hex.encodeHex(sigVKey.getFingerprint())).toUpperCase();362 else363 {364 // Try to find the corresponding master-key365 PGPPublicKey masterKey = findMasterKey(getEmbeddedNotaryPubRing(), sig.getKeyID());366 367 if (masterKey == null)368 masterKey = findMasterKey(pubRing, sig.getKeyID());369 370 if (masterKey != null)371 signedByMaster =new String(Hex.encodeHex(masterKey.getFingerprint())).toUpperCase();372 else373 signedByMaster =null;374 }375 376 keyId =new Long(sigVKey.getKeyID());377 378 PGPLiteralData p2 = (PGPLiteralData)dataFac.nextObject();379 InputStream dIn = p2.getInputStream();380 ByteArrayOutputStream out =new ByteArrayOutputStream();381 int ch;382 383 sig.initVerify(sigVKey,"BC");384 385 while ((ch = dIn.read()) >= 0)386 {387 sig.update((byte)ch);388 out.write(ch);389 }390 out.close();391 PGPSignatureList p3 = (PGPSignatureList)dataFac.nextObject();392 393 if (sig.verify(p3.get(0)))394 {395 log.debug("signature verified: " + out.toString("UTF-8"));396 clearText = out.toString("UTF-8");397 isValid = Boolean.TRUE;398 }399 else400 {401 log.debug("signature verification failed.");402 isValid = Boolean.FALSE;403 signerIsAuthorizedIssuer =null;404 signerIsIssuersMasterKey =null;405 signerIsNotary =null;406 }407 }408 }409 }410 }411 }412 }413 }414 }415 else416 throw new Exception("Found unsupported Data: " + o);417 }418 else419 {420 isValid = Boolean.FALSE;421 throw new Exception("Message contains no valid object or is not a valid PGP Message");422 }423 }424 425 private Boolean applyValidityChecks(Boolean valueToSet, PGPPublicKey pubKey)throws InvalidPGPMessageException426 {427 log.debug("The key "+pubKey.getKeyID()+" (Version "+pubKey.getVersion()+") that was used to sign the message is "+(pubKey.isMasterKey()?"":" not ")+"a master key.");428 log.debug("The key "+pubKey.getKeyID()+" that was used to sign the message is valid for " + pubKey.getValidSeconds() +" seconds.");429 log.debug("The key "+pubKey.getKeyID()+" that was used to sign the message is valid for " + pubKey.getValidDays() +" days.");430 431 if (Boolean.TRUE.equals(valueToSet))432 {433 if (pubKey.isRevoked())434 throw new InvalidPGPMessageException(THE_KEY_THAT_WAS_USED_TO_SIGN_THE_MESSAGE_IS_REVOKED);435 else if (pubKey.getValidSeconds() != 0 && BouncycastleUtil.keyHasExpired(pubKey))436 {437 throw new InvalidPGPMessageException(THE_KEY_THAT_WAS_USED_TO_SIGN_THE_MESSAGE_IS_NO_MORE_VALID);438 }439 else440 return Boolean.TRUE;441 }442 else443 return Boolean.FALSE;444 }445 446 private PGPPublicKey findMasterKey(PGPPublicKeyRingCollection publicKeyRingCollection,long keyID) throws PGPException447 {448 PGPPublicKeyRing masterKeyRing = publicKeyRingCollection.getPublicKeyRing(keyID);449 450 if (masterKeyRing !=null)451 {452 return extractMasterKeyFromRing(masterKeyRing);453 }454 455 return null;456 }457 458 private static PGPPublicKey extractMasterKeyFromRing(PGPPublicKeyRing searchRing)459 {460 Iterator<PGPPublicKey> iter = searchRing.getPublicKeys();461 while(iter.hasNext())462 {463 PGPPublicKey key = iter.next();464 if (key.isMasterKey())465 return key;466 }467 468 return null;469 }470 471 private URI extractURIDataFromPGPLiteral(PGPLiteralData lit)throws IOException, URISyntaxException472 {473 log.trace("Decrypted decompressed literal's format is: " + (char)lit.getFormat());474 BufferedReader reader = new BufferedReader(new InputStreamReader(lit.getDataStream()));475 476 String request = reader.readLine();477 URI uri = new URI(request);478 479 log.trace("URI: " + uri);480 log.trace("Path: " + uri.getPath());481 log.trace("Query: " + uri.getQuery());482 483 return uri;484 }485 486 private String extractClearTextFromPGPLiteral(PGPLiteralData lit)throws IOException, URISyntaxException487 {488 log.trace("Decrypted decompressed literal's format is: " + (char)lit.getFormat());489 BufferedReader reader = new BufferedReader(new InputStreamReader(lit.getDataStream(),"UTF8"));490 491 StringBuffer clearTextBuffer = new StringBuffer();492 493 String line;494 while((line = reader.readLine()) !=null)495 {496 log.debug("Read line: " + line);497 clearTextBuffer.append(line + "\n");498 }499 500 return clearTextBuffer.toString();501 }502 503 private void verifyClearSignedMessage(InputStream in) throws Exception504 {505 ArmoredInputStream aIn = new ArmoredInputStream(in);506 507 //508 // read the input, making sure we ingore the last newline.509 //510 int ch, lastCh;511 boolean newLine =false;512 ByteArrayOutputStream bOut = new ByteArrayOutputStream();513 514 lastCh = 0;515 516 while ((ch = aIn.read()) >= 0 && aIn.isClearText())517 {518 if (lastCh == '\r' && ch == '\n')519 {520 continue;521 }522 523 if (newLine)524 {525 bOut.write(lastCh);526 newLine = false;527 }528 529 if (ch == '\r' || ch == '\n')530 {531 lastCh = ch;532 newLine = true;533 continue;534 }535 536 bOut.write((byte)ch);537 lastCh = ch;538 }539 540 PGPObjectFactory pgpFact = new PGPObjectFactory(aIn);541 PGPSignatureList p3 = (PGPSignatureList)pgpFact.nextObject();542 PGPSignature sig = p3.get(0);543 544 PGPPublicKey signKey = getEmbeddedNotaryPubRing().getPublicKey(sig.getKeyID());545 if (signKey == null)546 {547 AuthorizedIssuer ai = authorizedIssuerStore.findAuthorizedIssuerByKeyID(sig.getKeyID());548 549 if (ai != null) {550 ArmoredInputStream aiKeyIn = new ArmoredInputStream(new ByteArrayInputStream(ai.getPublicKey().getBytes("UTF-8")));551 signKey = new PGPPublicKeyRing(aiKeyIn).getPublicKey(sig.getKeyID());552 aiKeyIn.close();553 554 if (signKey !=null) {555 log.debug("Public key for signature verification is " + signKey);556 signerIsNotary = ai.hasNotaryRights();557 signerIsAuthorizedIssuer = Boolean.TRUE;558 } else559 log.warn("AI retrieved from DB does not contain requested key " + sig.getKeyID());560 561 } else {562 log.debug("Cannot resolve AI key for id " + sig.getKeyID());563 }564 565 if (signKey ==null) {566 // Lookup key in public key rings (with temporarily added pubkeys from external requests)567 signKey = getPubRing().getPublicKey(sig.getKeyID());568 569 if (signKey !=null)570 log.debug("Public key for clearsigned message verification is contained in the issuer's collection of public keys" + signKey);571 else572 log.debug("Encountered unknown public key + " + sig.getKeyID());573 }574 }575 else576 {577 log.debug("Public key for clearsigned message verification is an embedded NOTARY key " + signKey);578 signerIsNotary = Boolean.TRUE;579 580 AuthorizedIssuer ai = authorizedIssuerStore.findAuthorizedIssuerByKeyID(sig.getKeyID());581 if (ai !=null) {582 if (!ai.hasNotaryRights())583 log.warn("Encoutered embedded notary " + ai.getFingerprint() +" who does does not have notaryRights granted in authorizedIssuerStore!");584 585 signerIsAuthorizedIssuer = Boolean.TRUE;586 }587 }588 589 // verify if this signature was created by the issuer's master key590 PGPPublicKey sigIssuerMasterKey = issuerMasterPubRing.getPublicKey(sig.getKeyID());591 signerIsIssuersMasterKey = (sigIssuerMasterKey != null);592 593 log.debug("The key used to sign is: " + signKey + (signKey !=null ? " id: 0x" + String.valueOf(Hex.encodeHex(signKey.getFingerprint())) +" isMaster: " + signKey.isMasterKey() +" isNotary: " + signerIsNotary +" isAuthorizedIssuer: " + signerIsAuthorizedIssuer +" signerIsIssuersMasterKey: " + signerIsIssuersMasterKey :""));594 595 sig.initVerify(signKey, "BC");596 597 sig.update(bOut.toByteArray());598 599 if (sig.verify())600 {601 log.debug("signature verified.");602 isValid = applyValidityChecks(Boolean.TRUE, signKey);603 clearText = new String(bOut.toByteArray(),"UTF-8") + "\n";604 signedBy = new String(Hex.encodeHex(signKey.getFingerprint())).toUpperCase();605 606 if (signKey.isMasterKey())607 signedByMaster = new String(Hex.encodeHex(signKey.getFingerprint())).toUpperCase();608 else609 {610 // Try to find the corresponding master-key611 PGPPublicKey masterKey = findMasterKey(getEmbeddedNotaryPubRing(), sig.getKeyID());612 613 if (masterKey ==null)614 masterKey = findMasterKey(getPubRing(), sig.getKeyID());615 616 if (masterKey !=null)617 signedByMaster = new String(Hex.encodeHex(masterKey.getFingerprint())).toUpperCase();618 else619 signedByMaster = null;620 }621 622 keyId = new Long(sig.getKeyID());623 }624 else625 {626 log.debug("signature verification failed.");627 isValid = Boolean.FALSE;628 signerIsAuthorizedIssuer = null;629 signerIsIssuersMasterKey = null;630 signerIsNotary = null;631 }632 }633 634 // TODO: replace with temp handler635 publicvoid addPublicKey(String asciiArmoredPublicKey)throws Exception636 {637 PGPPublicKeyRingCollection pCol = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(new ByteArrayInputStream(asciiArmoredPublicKey.getBytes())));638 if (pCol.size() == 0)639 throw new Exception("No valid public key could be extracted from data: " + asciiArmoredPublicKey);640 else641 {642 Iterator iter = pCol.getKeyRings();643 644 while(iter.hasNext())645 PGPPublicKeyRingCollection.addPublicKeyRing(getPubRing(), (PGPPublicKeyRing)iter.next());646 }647 }648 649 public String getSignersPublicKey()throws Exception650 {651 if (isValid() !=null && Boolean.TRUE.equals(isValid()) && getSigner() !=null && keyId != null)652 {653 // Look for public key first654 PGPPublicKey key = getPubRing().getPublicKey(keyId.longValue());655 656 // If not found, the message might be signed with a trusted public key657 if (key ==null)658 getEmbeddedNotaryPubRing().getPublicKey(keyId.longValue());659 660 if (key !=null)661 {662 ByteArrayOutputStream bOut = new ByteArrayOutputStream();663 ArmoredOutputStream aOut = new ArmoredOutputStream(bOut);664 aOut.write(key.getEncoded());665 666 // flush and close the stream667 aOut.flush();668 aOut.close();669 670 // return the ascii armored public key671 return bOut.toString();672 }673 }674 675 return null;676 }677 678 private PGPPublicKeyRingCollection getPubRing()throws Exception679 {680 return pubRing;681 }682 683 private PGPSecretKeyRingCollection getSecRing()throws Exception684 {685 return secRing;686 }687 688 private PGPPublicKeyRingCollection getEmbeddedNotaryPubRing()throws Exception689 {690 return embeddedNotaryPubRing;691 }692}