Class PGPHelper

java.lang.Object
org.jpos.util.PGPHelper

public class PGPHelper extends Object
PGP utility helpers used by jPOS for license verification, public-key loading, and simple encryption/decryption with Bouncy Castle.
  • Constructor Summary

    Constructors
    Constructor
    Description
    PGPHelper()
    Utility class; instances carry no state.
  • Method Summary

    Modifier and Type
    Method
    Description
    static int
    checkLicense()
    Verifies the licensee file's signature, parses its metadata, and returns a packed status code combining expiration, fingerprint match, instance count, and revocation flags.
    static boolean
    checkSignature()
    Verifies the signature on the bundled licensee file using the embedded jPOS public key.
    static byte[]
    decrypt(byte[] encrypted, InputStream keyIn, char[] password)
    Decrypts the passed-in message.
    static byte[]
    decrypt(byte[] encrypted, String keyIn, char[] password)
    Decrypts the passed-in message.
    static byte[]
    encrypt(byte[] clearData, InputStream keyRing, String fileName, boolean withIntegrityCheck, boolean armor, String... ids)
    Simple PGP encryptor between byte[].
    static byte[]
    encrypt(byte[] clearData, String keyRing, String fileName, boolean withIntegrityCheck, boolean armor, String... ids)
    Simple PGP encryptor between byte[].
    static License
    getLicense()
    Returns the parsed jPOS License extracted from the licensee resource.
    static String
    getLicensee()
    Returns the licensee file contents as a UTF-8 string with two leading blank lines.
    static String
    getLicenseeHash()
    Returns the SHA hex hash of the licensee text as produced by getLicensee().
    static String
    getVerifiedLicenseText()
    Returns the verified clear-text license payload.
    static int
    node()
    Returns the resolved Q2 node number used during license validation.

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • PGPHelper

      public PGPHelper()
      Utility class; instances carry no state.
  • Method Details

    • checkSignature

      public static boolean checkSignature()
      Verifies the signature on the bundled licensee file using the embedded jPOS public key.
      Returns:
      true if the signature verifies, false otherwise (including any error)
    • checkLicense

      public static int checkLicense()
      Verifies the licensee file's signature, parses its metadata, and returns a packed status code combining expiration, fingerprint match, instance count, and revocation flags.
      Returns:
      packed status code; bits encode validity, expiration, fingerprint match, revocation, and the configured instance count
    • getVerifiedLicenseText

      public static String getVerifiedLicenseText() throws IOException
      Returns the verified clear-text license payload.

      The returned value is the text covered by the clear-text PGP signature, not the armored license block. If the bundled or configured license cannot be signature-verified, or if checkLicense() reports an unacceptable status, this method returns null.

      Status bit 0x10000 (license not bound to this system hash, used by the Community Edition license) is considered acceptable. Critical status bits 0xE0000 are not.

      Returns:
      verified clear-text license payload, or null
      Throws:
      IOException - if the license stream cannot be read
    • getLicensee

      public static String getLicensee() throws IOException
      Returns the licensee file contents as a UTF-8 string with two leading blank lines.
      Returns:
      the licensee text, or empty if the licensee resource is unavailable
      Throws:
      IOException - if reading the licensee stream fails
    • getLicenseeHash

      public static String getLicenseeHash() throws IOException, NoSuchAlgorithmException
      Returns the SHA hex hash of the licensee text as produced by getLicensee().
      Returns:
      the hex-encoded hash
      Throws:
      IOException - if the licensee stream cannot be read
      NoSuchAlgorithmException - if the configured digest is not available
    • node

      public static int node()
      Returns the resolved Q2 node number used during license validation.
      Returns:
      the Q2 node number, or 0 if it could not be resolved
    • encrypt

      public static byte[] encrypt(byte[] clearData, InputStream keyRing, String fileName, boolean withIntegrityCheck, boolean armor, String... ids) throws IOException, org.bouncycastle.openpgp.PGPException, NoSuchProviderException, NoSuchAlgorithmException
      Simple PGP encryptor between byte[].
      Parameters:
      clearData - The text to be encrypted
      keyRing - public key ring input stream
      fileName - File name carried in the Literal Data Packet (tag 11). It only matters if the data is to be related to a file that will be recovered later. Because this routine does not know the source of the information, the caller can set any suitable name here and it will be carried in the message. For example, when encrypting SOAP MIME bodies, use the file name from the MIME type, if applicable, or anything else appropriate.
      withIntegrityCheck - true if an integrity packet is to be included
      armor - true for ASCII armor
      ids - destination ids
      Returns:
      encrypted data.
      Throws:
      IOException - if reading keyRing or writing the encrypted output fails
      org.bouncycastle.openpgp.PGPException - if a PGP-level error occurs while building the message
      NoSuchProviderException - if the BC provider is not registered
      NoSuchAlgorithmException - if the requested cipher algorithm is unavailable
    • encrypt

      public static byte[] encrypt(byte[] clearData, String keyRing, String fileName, boolean withIntegrityCheck, boolean armor, String... ids) throws IOException, org.bouncycastle.openpgp.PGPException, NoSuchProviderException, NoSuchAlgorithmException
      Simple PGP encryptor between byte[].
      Parameters:
      clearData - The text to be encrypted
      keyRing - path to the public key ring file
      fileName - File name carried in the Literal Data Packet (tag 11). It only matters if the data is to be related to a file that will be recovered later. Because this routine does not know the source of the information, the caller can set any suitable name here and it will be carried in the message. For example, when encrypting SOAP MIME bodies, use the file name from the MIME type, if applicable, or anything else appropriate.
      withIntegrityCheck - true if an integrity packet is to be included
      armor - true for ASCII armor
      ids - destination ids
      Returns:
      encrypted data.
      Throws:
      IOException - if keyRing cannot be opened or the encrypted output cannot be written
      org.bouncycastle.openpgp.PGPException - if a PGP-level error occurs while building the message
      NoSuchProviderException - if the BC provider is not registered
      NoSuchAlgorithmException - if the requested cipher algorithm is unavailable
    • decrypt

      public static byte[] decrypt(byte[] encrypted, InputStream keyIn, char[] password) throws IOException, org.bouncycastle.openpgp.PGPException, NoSuchProviderException
      Decrypts the passed-in message.
      Parameters:
      encrypted - The message to be decrypted.
      keyIn - secret key ring input stream
      password - Pass phrase (key)
      Returns:
      Clear text as a byte array. I18N considerations are not handled by this routine.
      Throws:
      IOException - if keyIn or the encrypted payload cannot be read
      org.bouncycastle.openpgp.PGPException - if a PGP-level error occurs while decrypting
      NoSuchProviderException - if the BC provider is not registered
    • decrypt

      public static byte[] decrypt(byte[] encrypted, String keyIn, char[] password) throws IOException, org.bouncycastle.openpgp.PGPException, NoSuchProviderException
      Decrypts the passed-in message.
      Parameters:
      encrypted - The message to be decrypted.
      keyIn - path to the secret key ring file
      password - Pass phrase (key)
      Returns:
      Clear text as a byte array. I18N considerations are not handled by this routine.
      Throws:
      IOException - if the key file or encrypted payload cannot be read
      org.bouncycastle.openpgp.PGPException - if a PGP-level error occurs while decrypting
      NoSuchProviderException - if the BC provider is not registered
    • getLicense

      public static License getLicense() throws IOException
      Returns the parsed jPOS License extracted from the licensee resource.
      Returns:
      the current license, including text and status flags
      Throws:
      IOException - if the licensee stream cannot be read
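Added example (not jPOS project code) for getVerifiedLicenseText() and checkLicense(): a fail-closed startup gate that relies on the documented null return and reports only the two documented mask groups, 0x10000 and 0xE0000. The class name LicenseGate and its helper names are hypothetical, and jPOS is assumed to be on the classpath.

```java
import java.io.IOException;
import org.jpos.util.PGPHelper;

// Added example, not jPOS code. LicenseGate, describe() and requireVerifiedLicense() are hypothetical names.
public final class LicenseGate {
    // Masks quoted from the getVerifiedLicenseText() documentation.
    static final int NOT_BOUND_TO_SYSTEM = 0x10000; // documented as acceptable (Community Edition)
    static final int CRITICAL_MASK       = 0xE0000; // documented as never acceptable

    /** Reports the two documented bit groups; all other bits are left uninterpreted. */
    static String describe(int status) {
        StringBuilder sb = new StringBuilder(String.format("status=0x%X", status));
        if ((status & CRITICAL_MASK) != 0)
            sb.append(String.format(" critical=0x%X", status & CRITICAL_MASK));
        if ((status & NOT_BOUND_TO_SYSTEM) != 0)
            sb.append(" not-bound-to-system-hash");
        return sb.toString();
    }

    /** Returns the signature-covered license text, or throws so the caller cannot continue without it. */
    static String requireVerifiedLicense() {
        final String text;
        try {
            // Decisions are made on the verified clear text, not on the raw getLicensee() contents.
            text = PGPHelper.getVerifiedLicenseText();
        } catch (IOException e) {
            // An unreadable license stream is handled like a failed verification.
            throw new IllegalStateException("license stream unreadable", e);
        }
        if (text == null) {
            // null covers both a failed signature check and an unacceptable status.
            throw new IllegalStateException("license rejected: " + describe(PGPHelper.checkLicense()));
        }
        return text;
    }

    public static void main(String[] args) {
        String license = requireVerifiedLicense();
        System.out.println("verified license payload: " + license.length() + " chars");
    }
}
```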
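Added example (not jPOS project code) for the String-path overloads of encrypt and decrypt: a round trip that requests the integrity packet, keeps the passphrase in a char[] that is wiped after use, and decodes the result with an explicit charset because decrypt returns raw bytes. The class name PgpRoundTrip is hypothetical; the key ring paths come from the command line, and the recipient id is assumed to be a user id present in the public key ring.

```java
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.Arrays;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jpos.util.PGPHelper;

// Added example, not jPOS code. Assumes jPOS and Bouncy Castle are on the classpath.
public final class PgpRoundTrip {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: PgpRoundTrip <public-keyring> <secret-keyring> <recipient-id>");
            System.exit(2);
        }
        // NoSuchProviderException is documented for an unregistered BC provider; register defensively.
        if (Security.getProvider("BC") == null)
            Security.addProvider(new BouncyCastleProvider());

        byte[] clear = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        // fileName is carried in the Literal Data Packet, so a neutral name is used here.
        // withIntegrityCheck=true requests the integrity packet; armor=true yields ASCII armor.
        // args[2] is assumed to match a user id in the public key ring.
        byte[] encrypted = PGPHelper.encrypt(clear, args[0], "payload.txt", true, true, args[2]);

        Console console = System.console();
        if (console == null)
            throw new IllegalStateException("no console: refusing to take the passphrase from argv");
        char[] pass = console.readPassword("Secret key passphrase: ");
        if (pass == null)
            throw new IllegalStateException("no passphrase entered");
        byte[] decrypted;
        try {
            decrypted = PGPHelper.decrypt(encrypted, args[1], pass);
        } finally {
            Arrays.fill(pass, '\0'); // wipe the passphrase as soon as decrypt returns
        }

        if (!Arrays.equals(clear, decrypted))
            throw new IllegalStateException("round trip mismatch");
        // decrypt() does not handle I18N; decode with the charset the sender used.
        System.out.println(new String(decrypted, StandardCharsets.UTF_8));
    }
}
```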