1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-27 13:28:00 +01:00

Improve parsing of data containing invalid signatures

partial workaround for https://github.com/bcgit/bc-java/pull/1006
This commit is contained in:
Paul Schaub 2021-08-05 15:18:33 +02:00
parent 245e4a380d
commit 089b81b070
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -200,17 +200,17 @@ public class SignatureUtils {
PGPObjectFactory objectFactory = new PGPObjectFactory(
pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
Object nextObject = objectFactory.nextObject();
Object nextObject = tryNext(objectFactory);
while (nextObject != null) {
if (nextObject instanceof PGPMarker) {
nextObject = objectFactory.nextObject();
nextObject = tryNext(objectFactory);
continue;
}
if (nextObject instanceof PGPCompressedData) {
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
ImplementationFactory.getInstance().getKeyFingerprintCalculator());
nextObject = objectFactory.nextObject();
nextObject = tryNext(objectFactory);
continue;
}
if (nextObject instanceof PGPSignatureList) {
@ -222,13 +222,22 @@ public class SignatureUtils {
if (nextObject instanceof PGPSignature) {
signatures.add((PGPSignature) nextObject);
}
nextObject = objectFactory.nextObject();
nextObject = tryNext(objectFactory);
}
pgpIn.close();
return signatures;
}
private static Object tryNext(PGPObjectFactory factory) throws IOException {
try {
Object o = factory.nextObject();
return o;
} catch (RuntimeException e) {
return tryNext(factory);
}
}
public static long determineIssuerKeyId(PGPSignature signature) {
IssuerKeyID issuerKeyId = SignatureSubpacketsUtil.getIssuerKeyId(signature);
OpenPgpV4Fingerprint fingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpV4Fingerprint(signature);