// Copyright 2017 The Nomulus Authors. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package google.registry.tools; import static com.google.common.base.Preconditions.checkArgument; import static java.nio.file.StandardCopyOption.REPLACE_EXISTING; import com.beust.jcommander.Parameter; import com.beust.jcommander.Parameters; import com.google.common.io.ByteStreams; import google.registry.keyring.api.KeyModule.Key; import google.registry.rde.Ghostryde; import google.registry.tools.params.PathParameter; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import javax.inject.Inject; import javax.inject.Provider; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPrivateKey; import org.bouncycastle.openpgp.PGPPublicKey; /** Command to encrypt/decrypt {@code .ghostryde} files. */ @Parameters(separators = " =", commandDescription = "Encrypt/decrypt a ghostryde file.") final class GhostrydeCommand implements CommandWithRemoteApi { @Parameter( names = {"-e", "--encrypt"}, description = "Encrypt mode.") private boolean encrypt; @Parameter( names = {"-d", "--decrypt"}, description = "Decrypt mode.") private boolean decrypt; @Parameter( names = {"-i", "--input"}, description = "Input file.", validateWith = PathParameter.InputFile.class) private Path input = Paths.get("/dev/stdin"); @Parameter( names = {"-o", "--output"}, description = "Output file. If this is a directory: (a) in --encrypt mode, the output " + "filename will be the input filename with '.ghostryde' appended, and will have an " + "extra '.length' file with the original file's length; (b) In --decrypt " + "mode, the output filename will be the input filename with '.decrypt' appended.", validateWith = PathParameter.class) private Path output = Paths.get("/dev/stdout"); @Inject @Key("rdeStagingEncryptionKey") Provider rdeStagingEncryptionKey; @Inject @Key("rdeStagingDecryptionKey") Provider rdeStagingDecryptionKey; @Override public final void run() throws Exception { checkArgument(encrypt ^ decrypt, "Please specify either --encrypt or --decrypt"); if (encrypt) { runEncrypt(); } else { runDecrypt(); } } private void runEncrypt() throws IOException, PGPException { Path outFile = Files.isDirectory(output) ? output.resolve(input.getFileName() + ".ghostryde") : output; Path lenOutFile = Files.isDirectory(output) ? output.resolve(input.getFileName() + ".length") : null; try (OutputStream out = Files.newOutputStream(outFile); OutputStream lenOut = lenOutFile == null ? null : Files.newOutputStream(lenOutFile); OutputStream ghostrydeEncoder = Ghostryde.encoder(out, rdeStagingEncryptionKey.get(), lenOut); InputStream in = Files.newInputStream(input)) { ByteStreams.copy(in, ghostrydeEncoder); } } private void runDecrypt() throws IOException, PGPException { try (InputStream in = Files.newInputStream(input); InputStream ghostDecoder = Ghostryde.decoder(in, rdeStagingDecryptionKey.get())) { Path outFile = Files.isDirectory(output) ? output.resolve(input.getFileName() + ".decrypt") : output; Files.copy(ghostDecoder, outFile, REPLACE_EXISTING); } } }