mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-22 19:08:00 +01:00

Fix signature verification

Paul Schaub 2018-06-08 15:29:09 +02:00
parent 8a2ae0a989
commit 061e1c9292
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
3 changed files with 22 additions and 22 deletions


@ -37,8 +37,6 @@ import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
public class InputStreamFactory { public class InputStreamFactory {
private InputStream inputStream;
private final PGPSecretKeyRingCollection decryptionKeys; private final PGPSecretKeyRingCollection decryptionKeys;
private final SecretKeyRingProtector decryptionKeyDecryptor; private final SecretKeyRingProtector decryptionKeyDecryptor;
private final Set<PGPPublicKeyRing> verificationKeys = new HashSet<>(); private final Set<PGPPublicKeyRing> verificationKeys = new HashSet<>();
@ -47,6 +45,7 @@ public class InputStreamFactory {
private final PainlessResult.Builder resultBuilder = PainlessResult.getBuilder(); private final PainlessResult.Builder resultBuilder = PainlessResult.getBuilder();
private final PGPContentVerifierBuilderProvider verifierBuilderProvider = new BcPGPContentVerifierBuilderProvider(); private final PGPContentVerifierBuilderProvider verifierBuilderProvider = new BcPGPContentVerifierBuilderProvider();
private final KeyFingerPrintCalculator fingerCalc = new BcKeyFingerprintCalculator();
private final Map<Long, PGPOnePassSignature> verifiableOnePassSignatures = new HashMap<>(); private final Map<Long, PGPOnePassSignature> verifiableOnePassSignatures = new HashMap<>();
private InputStreamFactory(PGPSecretKeyRingCollection decryptionKeys, private InputStreamFactory(PGPSecretKeyRingCollection decryptionKeys,
@ -85,9 +84,8 @@ public class InputStreamFactory {
} }
private InputStream wrap(PGPObjectFactory objectFactory) throws IOException, PGPException { private InputStream wrap(PGPObjectFactory objectFactory) throws IOException, PGPException {
KeyFingerPrintCalculator fingerCalc = new BcKeyFingerprintCalculator();
Object pgpObj = null; Object pgpObj;
while ((pgpObj = objectFactory.nextObject()) != null) { while ((pgpObj = objectFactory.nextObject()) != null) {
if (pgpObj instanceof PGPEncryptedDataList) { if (pgpObj instanceof PGPEncryptedDataList) {
@ -107,7 +105,8 @@ public class InputStreamFactory {
if (pgpObj instanceof PGPOnePassSignatureList) { if (pgpObj instanceof PGPOnePassSignatureList) {
PGPOnePassSignatureList onePassSignatures = (PGPOnePassSignatureList) pgpObj; PGPOnePassSignatureList onePassSignatures = (PGPOnePassSignatureList) pgpObj;
verify(onePassSignatures); initOnePassSignatures(onePassSignatures);
return wrap(objectFactory);
} }
if (pgpObj instanceof PGPLiteralData) { if (pgpObj instanceof PGPLiteralData) {
@ -166,7 +165,7 @@ public class InputStreamFactory {
return decryptionStream; return decryptionStream;
} }
private void verify(PGPOnePassSignatureList onePassSignatureList) throws PGPException { private void initOnePassSignatures(PGPOnePassSignatureList onePassSignatureList) throws PGPException {
Iterator<PGPOnePassSignature> iterator = onePassSignatureList.iterator(); Iterator<PGPOnePassSignature> iterator = onePassSignatureList.iterator();
if (!iterator.hasNext()) { if (!iterator.hasNext()) {
throw new PGPException("Verification failed - No OnePassSignatures found!"); throw new PGPException("Verification failed - No OnePassSignatures found!");
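Review bot: With `verify(...)` replaced by `initOnePassSignatures(...)`, `wrap` only sets up the one-pass signatures and then returns the literal data, so plaintext reaches the caller before any signature has been checked, and the visible lines do not document that. I would add a Javadoc on `wrap` such as `Content read from the returned stream is not authenticated until the trailing signatures have been verified.` and state when that happens (presumably once the stream is read to its end). The empty-list branch still throws "Verification failed - No OnePassSignatures found!" although the method no longer verifies anything, so the message should match the new name. `return wrap(objectFactory);` re-enters the same loop on the same factory, so `continue;` looks equivalent and avoids one extra stack frame per packet of untrusted input. Both `wrap` and `initOnePassSignatures` extend beyond the visible hunks.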


@ -49,11 +49,12 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
try { try {
PGPSignatureList signatureList = null; PGPSignatureList signatureList = null;
Iterator objectIterator = objectFactory.iterator(); Object obj = objectFactory.nextObject();
while (objectIterator.hasNext() && signatureList == null) { while (obj != null && signatureList == null) {
Object object = objectIterator.next(); if (obj instanceof PGPSignatureList) {
if (object instanceof PGPSignatureList) { signatureList = (PGPSignatureList) obj;
signatureList = (PGPSignatureList) object; } else {
obj = objectFactory.nextObject();
} }
} }
@ -70,6 +71,7 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
throw new SignatureException("Bad Signature of key " + signature.getKeyID()); throw new SignatureException("Bad Signature of key " + signature.getKeyID());
} else { } else {
resultBuilder.addVerifiedSignatureKeyId(signature.getKeyID()); resultBuilder.addVerifiedSignatureKeyId(signature.getKeyID());
onePassSignatures.remove(signature.getKeyID());
} }
} }
} catch (PGPException | SignatureException e) { } catch (PGPException | SignatureException e) {
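Review bot: Entries still present in `onePassSignatures` after the signature loop are announced signatures that were never verified, and nothing in the visible lines turns that into a failure. Unless the code outside this hunk already handles it (or the caller explicitly opted out), a check after the loop such as `if (!onePassSignatures.isEmpty()) throw new SignatureException("Missing signature for announced one-pass signature");` would stop a message with a stripped or truncated signature list from being treated like a verified one. The same question applies when no `PGPSignatureList` is found and `signatureList` stays null. Matching and reporting use the 64-bit `signature.getKeyID()` only, so a comment should tell callers to resolve the reported ID to a full fingerprint before making a trust decision.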


@ -8,6 +8,7 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.Security; import java.security.Security;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
@ -15,7 +16,6 @@ import java.util.Collections;
import de.vanitasvitae.crypto.pgpainless.key.UnprotectedKeysProtector; import de.vanitasvitae.crypto.pgpainless.key.UnprotectedKeysProtector;
import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
@ -38,7 +38,8 @@ public class EncryptDecryptTest {
} }
@Test @Test
public void test() throws IOException, PGPException { public void test() throws Exception {
Security.addProvider(new BouncyCastleProvider());
PGPPublicKeyRing jPub = new PGPPublicKeyRing(PGPUtil.getDecoderStream(new ByteArrayInputStream(TestKeys.JULIET_PUB.getBytes())), new BcKeyFingerprintCalculator()); PGPPublicKeyRing jPub = new PGPPublicKeyRing(PGPUtil.getDecoderStream(new ByteArrayInputStream(TestKeys.JULIET_PUB.getBytes())), new BcKeyFingerprintCalculator());
ByteArrayOutputStream toEncrypted = new ByteArrayOutputStream(); ByteArrayOutputStream toEncrypted = new ByteArrayOutputStream();
@ -66,7 +67,8 @@ public class EncryptDecryptTest {
.onInputStream(fromEncrypted) .onInputStream(fromEncrypted)
.decryptWith(new PGPSecretKeyRingCollection(Collections.singleton(juliet)), .decryptWith(new PGPSecretKeyRingCollection(Collections.singleton(juliet)),
new UnprotectedKeysProtector()) new UnprotectedKeysProtector())
.doNotVerify() .verifyWith(Collections.singleton(jPub.getPublicKey().getKeyID()), Collections.singleton(jPub))
.ignoreMissingPublicKeys()
.build(); .build();
InputStream decryptor = resultAndInputStream.getInputStream(); InputStream decryptor = resultAndInputStream.getInputStream();
@ -79,14 +81,8 @@ public class EncryptDecryptTest {
assertTrue(Arrays.equals(message.getBytes(), toPlain.toByteArray())); assertTrue(Arrays.equals(message.getBytes(), toPlain.toByteArray()));
} }
public static void main(String[] args) throws IOException, PGPException {
Security.addProvider(new BouncyCastleProvider());
EncryptDecryptTest test = new EncryptDecryptTest();
test.decryptVerifyTest();
}
@Test @Test
public void decryptVerifyTest() throws IOException, PGPException { public void decryptVerifyTest() throws Exception {
String encryptedMessage = "-----BEGIN PGP MESSAGE-----\n" + String encryptedMessage = "-----BEGIN PGP MESSAGE-----\n" +
"\n" + "\n" +
"hQGMAwAAAAAAAAAAAQwAoJtfpcBPCwhUzzHuVIcBzBLyfIWT/EJ527neb46lN56S\n" + "hQGMAwAAAAAAAAAAAQwAoJtfpcBPCwhUzzHuVIcBzBLyfIWT/EJ527neb46lN56S\n" +
@ -137,6 +133,9 @@ public class EncryptDecryptTest {
decryptor.close(); decryptor.close();
toPlain.close(); toPlain.close();
assertTrue(Arrays.equals("This message is encrypted".getBytes(), toPlain.toByteArray())); byte[] expected = "This message is encrypted\n".getBytes(Charset.forName("UTF-8"));
byte[] actual = toPlain.toByteArray();
assertTrue(Arrays.equals(expected, actual));
} }
} }
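Review bot: `test()` now enables verification through `verifyWith(...)`, but its only assertion is still the plaintext comparison, so it would pass even if no signature were checked. Assuming the encryption side signs with Juliet's key, add an assertion on the result object that `jPub.getPublicKey().getKeyID()` is among the verified signature key IDs, plus a second case where a modified message must fail. `ignoreMissingPublicKeys()` relaxes the check further and deserves a comment explaining why it is needed here. The new expected value uses `Charset.forName("UTF-8")` while `message.getBytes()` and `TestKeys.JULIET_PUB.getBytes()` still use the platform default; using `StandardCharsets.UTF_8` for all of them would make the comparison deterministic.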