mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-30 08:12:06 +01:00
Improve parsing of data containing invalid signatures
partial workaround for https://github.com/bcgit/bc-java/pull/1006
This commit is contained in:
parent
245e4a380d
commit
089b81b070
1 changed files with 13 additions and 4 deletions
|
@ -200,17 +200,17 @@ public class SignatureUtils {
|
|||
PGPObjectFactory objectFactory = new PGPObjectFactory(
|
||||
pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
|
||||
|
||||
Object nextObject = objectFactory.nextObject();
|
||||
Object nextObject = tryNext(objectFactory);
|
||||
while (nextObject != null) {
|
||||
if (nextObject instanceof PGPMarker) {
|
||||
nextObject = objectFactory.nextObject();
|
||||
nextObject = tryNext(objectFactory);
|
||||
continue;
|
||||
}
|
||||
if (nextObject instanceof PGPCompressedData) {
|
||||
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
|
||||
objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
|
||||
ImplementationFactory.getInstance().getKeyFingerprintCalculator());
|
||||
nextObject = objectFactory.nextObject();
|
||||
nextObject = tryNext(objectFactory);
|
||||
continue;
|
||||
}
|
||||
if (nextObject instanceof PGPSignatureList) {
|
||||
|
@ -222,13 +222,22 @@ public class SignatureUtils {
|
|||
if (nextObject instanceof PGPSignature) {
|
||||
signatures.add((PGPSignature) nextObject);
|
||||
}
|
||||
nextObject = objectFactory.nextObject();
|
||||
nextObject = tryNext(objectFactory);
|
||||
}
|
||||
pgpIn.close();
|
||||
|
||||
return signatures;
|
||||
}
|
||||
|
||||
private static Object tryNext(PGPObjectFactory factory) throws IOException {
|
||||
try {
|
||||
Object o = factory.nextObject();
|
||||
return o;
|
||||
} catch (RuntimeException e) {
|
||||
return tryNext(factory);
|
||||
}
|
||||
}
|
||||
|
||||
public static long determineIssuerKeyId(PGPSignature signature) {
|
||||
IssuerKeyID issuerKeyId = SignatureSubpacketsUtil.getIssuerKeyId(signature);
|
||||
OpenPgpV4Fingerprint fingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpV4Fingerprint(signature);
|
||||
|
|
Loading…
Reference in a new issue