hatter/tiny-encrypt-java
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feature-issue-2 #3

Merged
hatter merged 3 commits from feature-issue-2 into master 2022-04-03 00:05:12 +08:00
Conversation 0 Commits 3 Files Changed 10 +19 -9
4 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 1fa032ca06 - Show all commits

3
src/main/java/me/hatter/tools/tinyencrypt/TinyEncryptArgs.java
View File

@@ -28,6 +28,9 @@ public class TinyEncryptArgs {
@CommandLine.Option(names = {"--compress"}, description = "Encrypt compress")
boolean compress = false;
@CommandLine.Option(names = {"--require-sign"}, description = "Require signature when create data key")
boolean requireSign = false;
@CommandLine.Option(names = {"-C", "--config"}, description = "Encrypt config")
File config;

2
src/main/java/me/hatter/tools/tinyencrypt/TinyEncryptMain.java
View File

@@ -200,7 +200,7 @@ public class TinyEncryptMain {
}
boolean result;
if (tinyEncryptArgs.encrypt) {
result = EncryptedFileUtil.encryptFile(config, tinyEncryptArgs.key, f, tinyEncryptArgs.compress, tinyEncryptArgs.comment);
result = EncryptedFileUtil.encryptFile(config, tinyEncryptArgs.key, f, tinyEncryptArgs.compress, tinyEncryptArgs.requireSign, tinyEncryptArgs.comment);
} else {
if (tinyEncryptArgs.showInWindow) {
EncryptedFileUtil.decryptInWindow(config, f, tinyEncryptArgs.pgp);

4
src/main/java/me/hatter/tools/tinyencrypt/encrypt/EncryptedFileUtil.java
View File

@@ -136,7 +136,7 @@ public class EncryptedFileUtil {
}
}
public static boolean encryptFile(TinyEncryptConfig config, String keyName, File file, boolean compress, String comment) {
public static boolean encryptFile(TinyEncryptConfig config, String keyName, File file, boolean compress, boolean requireSign, String comment) {
File encFile = getEncryptFile(file);
if (encFile == null) {
log.warn("Cannot encrypt .tinyenc file: " + file);
@@ -147,7 +147,7 @@ public class EncryptedFileUtil {
return false;
}
try {
TinyEncryptMeta meta = TinyEncryptMetaUtil.create(config, comment);
TinyEncryptMeta meta = TinyEncryptMetaUtil.create(config, comment, requireSign);
meta.setFileLength(file.length());
meta.setFileLastModified(file.lastModified());
meta.setCompress(compress);

19
src/main/java/me/hatter/tools/tinyencrypt/encrypt/TinyEncryptMetaUtil.java
View File

@@ -85,10 +85,13 @@ public class TinyEncryptMetaUtil {
return Base64.getDecoder().decode(responseData.getString("dataKey"));
}
public static TinyEncryptMeta create(TinyEncryptConfig config, String comment) {
requireLocalPrivateKeyPem(config);
public static TinyEncryptMeta create(TinyEncryptConfig config, String comment, boolean requireSignature) {
PrivateKey privateKey = null;
if (requireSignature) {
requireLocalPrivateKeyPem(config);
privateKey = KeyUtil.parsePrivateKeyPEM(config.getLocalPrivateKeyPem());
}
PublicKey publicKey = KeyUtil.parsePublicKeyPEM(config.getLocalPublicKeyPem());
PrivateKey privateKey = KeyUtil.parsePrivateKeyPEM(config.getLocalPrivateKeyPem());
PublicKey pgpEncryptPublicKey = null;
if (StringUtil.isNotBlank(config.getPgpEncryptPublicKeyPem())) {
pgpEncryptPublicKey = KeyUtil.parsePublicKeyPEM(config.getPgpEncryptPublicKeyPem());
@@ -97,14 +100,18 @@ public class TinyEncryptMetaUtil {
String timestamp = String.valueOf(System.currentTimeMillis());
String toBeSigned = name + "|" + timestamp;
Bytes sign = Signatures.sha256(privateKey).sign(toBeSigned);
Bytes sign = (privateKey == null) ? null : Signatures.sha256(privateKey).sign(toBeSigned);
List<HttpRequest.KeyValue> keyValues = new ArrayList<>();
keyValues.add(new HttpRequest.KeyValue("name", name));
keyValues.add(new HttpRequest.KeyValue("timestamp", timestamp));
keyValues.add(new HttpRequest.KeyValue("dataKeyPublicKey", KeyUtil.serializePublicKeyToPEM(publicKey)));
keyValues.add(new HttpRequest.KeyValue("dataKeyRequestSign", sign.asBase64()));
log.info("Get data key from kms, key name: " + name + " ...");
if (sign == null) {
keyValues.add(new HttpRequest.KeyValue("skipDataKeyRequestSignVerify", "true"));
} else {
keyValues.add(new HttpRequest.KeyValue("dataKeyRequestSign", sign.asBase64()));
}
log.info("Get data key from kms, key name: " + name + ", with sign: " + (sign != null) + " ...");
Bytes response = HttpRequest.fromUrl(KMS_GET_DATA_KEY).post(keyValues);
JSONObject responseObject = response.asJSON();
if (responseObject.getIntValue("status") != 200) {