From 14531f00500ec55bebd15fe3b0a717165ea53568 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Thu, 23 Jun 2022 11:47:48 +0200
Subject: [PATCH] Make sop decrypt throw for unencrypted data

---
 .../java/org/pgpainless/sop/DecryptImpl.java   |  4 ++++
 .../sop/EncryptDecryptRoundTripTest.java       | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java
index efed9472..7d8481e3 100644
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java
@@ -149,6 +149,10 @@ public class DecryptImpl implements Decrypt {
                 decryptionStream.close();
                 OpenPgpMetadata metadata = decryptionStream.getResult();
 
+                if (!metadata.isEncrypted()) {
+                    throw new SOPGPException.BadData("Data is not encrypted.");
+                }
+
                 List<Verification> verificationList = new ArrayList<>();
                 for (SignatureVerification signatureVerification : metadata.getVerifiedInbandSignatures()) {
                     verificationList.add(map(signatureVerification));
diff --git a/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java b/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java
index 6f7e3d47..515cf71d 100644
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java
@@ -515,4 +515,22 @@ public class EncryptDecryptRoundTripTest {
         assertThrows(SOPGPException.BadData.class, () ->
                 sop.decrypt().withSessionKey(wrongSessionKey).ciphertext(ciphertext));
     }
+
+    @Test
+    public void decryptNonEncryptedDataFailsBadData() throws IOException {
+        byte[] signed = sop.inlineSign()
+                .key(aliceKey)
+                .withKeyPassword(alicePassword)
+                .data(message)
+                .getBytes();
+
+        assertThrows(SOPGPException.BadData.class, () ->
+                sop.decrypt()
+                        .verifyWithCert(aliceCert)
+                        .withKey(aliceKey)
+                        .withKeyPassword(alicePassword)
+                        .ciphertext(signed)
+                        .toByteArrayAndResult()
+        );
+    }
 }