Fix signature verification
parent
8a2ae0a989
commit
061e1c9292
3 changed files with 22 additions and 22 deletions
|
@ -37,8 +37,6 @@ import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
|
||||||
|
|
||||||
public class InputStreamFactory {
|
public class InputStreamFactory {
|
||||||
|
|
||||||
private InputStream inputStream;
|
|
||||||
|
|
||||||
private final PGPSecretKeyRingCollection decryptionKeys;
|
private final PGPSecretKeyRingCollection decryptionKeys;
|
||||||
private final SecretKeyRingProtector decryptionKeyDecryptor;
|
private final SecretKeyRingProtector decryptionKeyDecryptor;
|
||||||
private final Set<PGPPublicKeyRing> verificationKeys = new HashSet<>();
|
private final Set<PGPPublicKeyRing> verificationKeys = new HashSet<>();
|
||||||
|
@ -47,6 +45,7 @@ public class InputStreamFactory {
|
||||||
|
|
||||||
private final PainlessResult.Builder resultBuilder = PainlessResult.getBuilder();
|
private final PainlessResult.Builder resultBuilder = PainlessResult.getBuilder();
|
||||||
private final PGPContentVerifierBuilderProvider verifierBuilderProvider = new BcPGPContentVerifierBuilderProvider();
|
private final PGPContentVerifierBuilderProvider verifierBuilderProvider = new BcPGPContentVerifierBuilderProvider();
|
||||||
|
private final KeyFingerPrintCalculator fingerCalc = new BcKeyFingerprintCalculator();
|
||||||
private final Map<Long, PGPOnePassSignature> verifiableOnePassSignatures = new HashMap<>();
|
private final Map<Long, PGPOnePassSignature> verifiableOnePassSignatures = new HashMap<>();
|
||||||
|
|
||||||
private InputStreamFactory(PGPSecretKeyRingCollection decryptionKeys,
|
private InputStreamFactory(PGPSecretKeyRingCollection decryptionKeys,
|
||||||
|
@ -85,9 +84,8 @@ public class InputStreamFactory {
|
||||||
}
|
}
|
||||||
|
|
||||||
private InputStream wrap(PGPObjectFactory objectFactory) throws IOException, PGPException {
|
private InputStream wrap(PGPObjectFactory objectFactory) throws IOException, PGPException {
|
||||||
KeyFingerPrintCalculator fingerCalc = new BcKeyFingerprintCalculator();
|
|
||||||
|
|
||||||
Object pgpObj = null;
|
Object pgpObj;
|
||||||
while ((pgpObj = objectFactory.nextObject()) != null) {
|
while ((pgpObj = objectFactory.nextObject()) != null) {
|
||||||
|
|
||||||
if (pgpObj instanceof PGPEncryptedDataList) {
|
if (pgpObj instanceof PGPEncryptedDataList) {
|
||||||
|
@ -107,7 +105,8 @@ public class InputStreamFactory {
|
||||||
|
|
||||||
if (pgpObj instanceof PGPOnePassSignatureList) {
|
if (pgpObj instanceof PGPOnePassSignatureList) {
|
||||||
PGPOnePassSignatureList onePassSignatures = (PGPOnePassSignatureList) pgpObj;
|
PGPOnePassSignatureList onePassSignatures = (PGPOnePassSignatureList) pgpObj;
|
||||||
verify(onePassSignatures);
|
initOnePassSignatures(onePassSignatures);
|
||||||
|
return wrap(objectFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pgpObj instanceof PGPLiteralData) {
|
if (pgpObj instanceof PGPLiteralData) {
|
||||||
|
@ -166,7 +165,7 @@ public class InputStreamFactory {
|
||||||
return decryptionStream;
|
return decryptionStream;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void verify(PGPOnePassSignatureList onePassSignatureList) throws PGPException {
|
private void initOnePassSignatures(PGPOnePassSignatureList onePassSignatureList) throws PGPException {
|
||||||
Iterator<PGPOnePassSignature> iterator = onePassSignatureList.iterator();
|
Iterator<PGPOnePassSignature> iterator = onePassSignatureList.iterator();
|
||||||
if (!iterator.hasNext()) {
|
if (!iterator.hasNext()) {
|
||||||
throw new PGPException("Verification failed - No OnePassSignatures found!");
|
throw new PGPException("Verification failed - No OnePassSignatures found!");
|
||||||
|
|
|
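Review bot: `initOnePassSignatures` has no comment saying that it only prepares the one-pass signatures, so a reader of `wrap` cannot tell that the stream it returns carries data whose signature has not been checked yet. I would add a Javadoc line such as `/** Registers the one-pass signatures for later checking; nothing is verified here. */` and state on `wrap` that the result must be read to the end before the plaintext is trusted. The body of `initOnePassSignatures` continues outside the hunk, so this reading is inferred from the rename and from the `verifiableOnePassSignatures` field. That map is keyed by the 64-bit key ID, which means two signatures from the same key, or from keys whose IDs collide, would overwrite each other; confirm that this is acceptable or key the map by fingerprint.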
@ -49,11 +49,12 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
PGPSignatureList signatureList = null;
|
PGPSignatureList signatureList = null;
|
||||||
Iterator objectIterator = objectFactory.iterator();
|
Object obj = objectFactory.nextObject();
|
||||||
while (objectIterator.hasNext() && signatureList == null) {
|
while (obj != null && signatureList == null) {
|
||||||
Object object = objectIterator.next();
|
if (obj instanceof PGPSignatureList) {
|
||||||
if (object instanceof PGPSignatureList) {
|
signatureList = (PGPSignatureList) obj;
|
||||||
signatureList = (PGPSignatureList) object;
|
} else {
|
||||||
|
obj = objectFactory.nextObject();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -70,6 +71,7 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
|
||||||
throw new SignatureException("Bad Signature of key " + signature.getKeyID());
|
throw new SignatureException("Bad Signature of key " + signature.getKeyID());
|
||||||
} else {
|
} else {
|
||||||
resultBuilder.addVerifiedSignatureKeyId(signature.getKeyID());
|
resultBuilder.addVerifiedSignatureKeyId(signature.getKeyID());
|
||||||
|
onePassSignatures.remove(signature.getKeyID());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (PGPException | SignatureException e) {
|
} catch (PGPException | SignatureException e) {
|
||||||
|
|
|
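Review bot: After the rewritten search loop `signatureList` is still `null` when the object factory runs out without yielding a `PGPSignatureList`, and nothing visible between the two hunks turns that case into a verification failure. A message whose trailing signatures are missing should be rejected explicitly, for example `if (signatureList == null) { throw new SignatureException("No signatures found"); }`. In the second hunk the new `onePassSignatures.remove(signature.getKeyID())` only adds protection if something after the loop checks that the map is empty; otherwise a one-pass signature that never receives a matching signature packet goes unnoticed. Both follow-up checks would sit outside the lines shown, so confirm whether they already exist.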
@ -8,6 +8,7 @@ import java.io.ByteArrayOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
import java.nio.charset.Charset;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
@ -15,7 +16,6 @@ import java.util.Collections;
|
||||||
import de.vanitasvitae.crypto.pgpainless.key.UnprotectedKeysProtector;
|
import de.vanitasvitae.crypto.pgpainless.key.UnprotectedKeysProtector;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
||||||
|
@ -38,7 +38,8 @@ public class EncryptDecryptTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void test() throws IOException, PGPException {
|
public void test() throws Exception {
|
||||||
|
Security.addProvider(new BouncyCastleProvider());
|
||||||
PGPPublicKeyRing jPub = new PGPPublicKeyRing(PGPUtil.getDecoderStream(new ByteArrayInputStream(TestKeys.JULIET_PUB.getBytes())), new BcKeyFingerprintCalculator());
|
PGPPublicKeyRing jPub = new PGPPublicKeyRing(PGPUtil.getDecoderStream(new ByteArrayInputStream(TestKeys.JULIET_PUB.getBytes())), new BcKeyFingerprintCalculator());
|
||||||
|
|
||||||
ByteArrayOutputStream toEncrypted = new ByteArrayOutputStream();
|
ByteArrayOutputStream toEncrypted = new ByteArrayOutputStream();
|
||||||
|
@ -66,7 +67,8 @@ public class EncryptDecryptTest {
|
||||||
.onInputStream(fromEncrypted)
|
.onInputStream(fromEncrypted)
|
||||||
.decryptWith(new PGPSecretKeyRingCollection(Collections.singleton(juliet)),
|
.decryptWith(new PGPSecretKeyRingCollection(Collections.singleton(juliet)),
|
||||||
new UnprotectedKeysProtector())
|
new UnprotectedKeysProtector())
|
||||||
.doNotVerify()
|
.verifyWith(Collections.singleton(jPub.getPublicKey().getKeyID()), Collections.singleton(jPub))
|
||||||
|
.ignoreMissingPublicKeys()
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
InputStream decryptor = resultAndInputStream.getInputStream();
|
InputStream decryptor = resultAndInputStream.getInputStream();
|
||||||
|
@ -79,14 +81,8 @@ public class EncryptDecryptTest {
|
||||||
assertTrue(Arrays.equals(message.getBytes(), toPlain.toByteArray()));
|
assertTrue(Arrays.equals(message.getBytes(), toPlain.toByteArray()));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void main(String[] args) throws IOException, PGPException {
|
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
|
||||||
EncryptDecryptTest test = new EncryptDecryptTest();
|
|
||||||
test.decryptVerifyTest();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void decryptVerifyTest() throws IOException, PGPException {
|
public void decryptVerifyTest() throws Exception {
|
||||||
String encryptedMessage = "-----BEGIN PGP MESSAGE-----\n" +
|
String encryptedMessage = "-----BEGIN PGP MESSAGE-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"hQGMAwAAAAAAAAAAAQwAoJtfpcBPCwhUzzHuVIcBzBLyfIWT/EJ527neb46lN56S\n" +
|
"hQGMAwAAAAAAAAAAAQwAoJtfpcBPCwhUzzHuVIcBzBLyfIWT/EJ527neb46lN56S\n" +
|
||||||
|
@ -137,6 +133,9 @@ public class EncryptDecryptTest {
|
||||||
decryptor.close();
|
decryptor.close();
|
||||||
toPlain.close();
|
toPlain.close();
|
||||||
|
|
||||||
assertTrue(Arrays.equals("This message is encrypted".getBytes(), toPlain.toByteArray()));
|
byte[] expected = "This message is encrypted\n".getBytes(Charset.forName("UTF-8"));
|
||||||
|
byte[] actual = toPlain.toByteArray();
|
||||||
|
|
||||||
|
assertTrue(Arrays.equals(expected, actual));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
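Review bot: `test()` now calls `.verifyWith(...)` instead of `.doNotVerify()`, yet its only visible assertion still compares plaintext bytes, so it would pass equally well if no signature had been checked. `.ignoreMissingPublicKeys()` makes such a silent skip easier to miss. After the stream has been read to the end, add an assertion on the result object that Juliet's key ID is among the verified signature key IDs; the same applies to `decryptVerifyTest`, whose visible assertion is also bytes-only. Separately, `message.getBytes()` in `test()` still depends on the platform charset while the new code pins UTF-8 through `Charset.forName("UTF-8")`; `StandardCharsets.UTF_8` would serve both places.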