1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-22 19:08:00 +01:00

Fix signature verification

This commit is contained in:
Paul Schaub 2018-06-08 15:29:09 +02:00
parent 8a2ae0a989
commit 061e1c9292
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
3 changed files with 22 additions and 22 deletions

View file

@ -37,8 +37,6 @@ import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
public class InputStreamFactory {
private InputStream inputStream;
private final PGPSecretKeyRingCollection decryptionKeys;
private final SecretKeyRingProtector decryptionKeyDecryptor;
private final Set<PGPPublicKeyRing> verificationKeys = new HashSet<>();
@ -47,6 +45,7 @@ public class InputStreamFactory {
private final PainlessResult.Builder resultBuilder = PainlessResult.getBuilder();
private final PGPContentVerifierBuilderProvider verifierBuilderProvider = new BcPGPContentVerifierBuilderProvider();
private final KeyFingerPrintCalculator fingerCalc = new BcKeyFingerprintCalculator();
private final Map<Long, PGPOnePassSignature> verifiableOnePassSignatures = new HashMap<>();
private InputStreamFactory(PGPSecretKeyRingCollection decryptionKeys,
@ -85,9 +84,8 @@ public class InputStreamFactory {
}
private InputStream wrap(PGPObjectFactory objectFactory) throws IOException, PGPException {
KeyFingerPrintCalculator fingerCalc = new BcKeyFingerprintCalculator();
Object pgpObj = null;
Object pgpObj;
while ((pgpObj = objectFactory.nextObject()) != null) {
if (pgpObj instanceof PGPEncryptedDataList) {
@ -107,7 +105,8 @@ public class InputStreamFactory {
if (pgpObj instanceof PGPOnePassSignatureList) {
PGPOnePassSignatureList onePassSignatures = (PGPOnePassSignatureList) pgpObj;
verify(onePassSignatures);
initOnePassSignatures(onePassSignatures);
return wrap(objectFactory);
}
if (pgpObj instanceof PGPLiteralData) {
@ -166,7 +165,7 @@ public class InputStreamFactory {
return decryptionStream;
}
private void verify(PGPOnePassSignatureList onePassSignatureList) throws PGPException {
private void initOnePassSignatures(PGPOnePassSignatureList onePassSignatureList) throws PGPException {
Iterator<PGPOnePassSignature> iterator = onePassSignatureList.iterator();
if (!iterator.hasNext()) {
throw new PGPException("Verification failed - No OnePassSignatures found!");

View file

@ -49,11 +49,12 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
try {
PGPSignatureList signatureList = null;
Iterator objectIterator = objectFactory.iterator();
while (objectIterator.hasNext() && signatureList == null) {
Object object = objectIterator.next();
if (object instanceof PGPSignatureList) {
signatureList = (PGPSignatureList) object;
Object obj = objectFactory.nextObject();
while (obj != null && signatureList == null) {
if (obj instanceof PGPSignatureList) {
signatureList = (PGPSignatureList) obj;
} else {
obj = objectFactory.nextObject();
}
}
@ -70,6 +71,7 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
throw new SignatureException("Bad Signature of key " + signature.getKeyID());
} else {
resultBuilder.addVerifiedSignatureKeyId(signature.getKeyID());
onePassSignatures.remove(signature.getKeyID());
}
}
} catch (PGPException | SignatureException e) {

View file

@ -8,6 +8,7 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
@ -15,7 +16,6 @@ import java.util.Collections;
import de.vanitasvitae.crypto.pgpainless.key.UnprotectedKeysProtector;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
@ -38,7 +38,8 @@ public class EncryptDecryptTest {
}
@Test
public void test() throws IOException, PGPException {
public void test() throws Exception {
Security.addProvider(new BouncyCastleProvider());
PGPPublicKeyRing jPub = new PGPPublicKeyRing(PGPUtil.getDecoderStream(new ByteArrayInputStream(TestKeys.JULIET_PUB.getBytes())), new BcKeyFingerprintCalculator());
ByteArrayOutputStream toEncrypted = new ByteArrayOutputStream();
@ -66,7 +67,8 @@ public class EncryptDecryptTest {
.onInputStream(fromEncrypted)
.decryptWith(new PGPSecretKeyRingCollection(Collections.singleton(juliet)),
new UnprotectedKeysProtector())
.doNotVerify()
.verifyWith(Collections.singleton(jPub.getPublicKey().getKeyID()), Collections.singleton(jPub))
.ignoreMissingPublicKeys()
.build();
InputStream decryptor = resultAndInputStream.getInputStream();
@ -79,14 +81,8 @@ public class EncryptDecryptTest {
assertTrue(Arrays.equals(message.getBytes(), toPlain.toByteArray()));
}
public static void main(String[] args) throws IOException, PGPException {
Security.addProvider(new BouncyCastleProvider());
EncryptDecryptTest test = new EncryptDecryptTest();
test.decryptVerifyTest();
}
@Test
public void decryptVerifyTest() throws IOException, PGPException {
public void decryptVerifyTest() throws Exception {
String encryptedMessage = "-----BEGIN PGP MESSAGE-----\n" +
"\n" +
"hQGMAwAAAAAAAAAAAQwAoJtfpcBPCwhUzzHuVIcBzBLyfIWT/EJ527neb46lN56S\n" +
@ -137,6 +133,9 @@ public class EncryptDecryptTest {
decryptor.close();
toPlain.close();
assertTrue(Arrays.equals("This message is encrypted".getBytes(), toPlain.toByteArray()));
byte[] expected = "This message is encrypted\n".getBytes(Charset.forName("UTF-8"));
byte[] actual = toPlain.toByteArray();
assertTrue(Arrays.equals(expected, actual));
}
}