1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-23 03:17:58 +01:00

Add isSignedOnly() to MessageInspector

This method can be used to determine, whether the message was created using gpg --sign --armor.
It will return false if the message is signed and encrypted, since we cannot determine signed status while the message is encrypted.
Fixes #188
This commit is contained in:
Paul Schaub 2021-10-01 14:12:10 +02:00
parent 8ec8a55f10
commit 5869996059
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 85 additions and 3 deletions

View file

@ -27,6 +27,7 @@ import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPBEEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.pgpainless.implementation.ImplementationFactory;
@ -40,7 +41,12 @@ public final class MessageInspector {
public static class EncryptionInfo {
private final List<Long> keyIds = new ArrayList<>();
private boolean isPassphraseEncrypted = false;
private boolean isSignedOnly = false;
/**
* Return a list of recipient key ids for whom the message is encrypted.
* @return recipient key ids
*/
public List<Long> getKeyIds() {
return Collections.unmodifiableList(keyIds);
}
@ -48,6 +54,24 @@ public final class MessageInspector {
public boolean isPassphraseEncrypted() {
return isPassphraseEncrypted;
}
/**
* Return true, if the message is encrypted.
*
* @return true if encrypted
*/
public boolean isEncrypted() {
return isPassphraseEncrypted || !keyIds.isEmpty();
}
/**
* Return true, if the message is not encrypted, but signed using {@link org.bouncycastle.openpgp.PGPOnePassSignature OnePassSignatures}.
*
* @return true if message is signed only
*/
public boolean isSignedOnly() {
return isSignedOnly;
}
}
private MessageInspector() {
@ -67,16 +91,24 @@ public final class MessageInspector {
InputStream decoded = ArmorUtils.getDecoderStream(dataIn);
EncryptionInfo info = new EncryptionInfo();
collectDecryptionKeyIDs(decoded, info);
processMessage(decoded, info);
return info;
}
private static void collectDecryptionKeyIDs(InputStream dataIn, EncryptionInfo info) throws PGPException {
private static void processMessage(InputStream dataIn, EncryptionInfo info) throws PGPException {
PGPObjectFactory objectFactory = new PGPObjectFactory(dataIn,
ImplementationFactory.getInstance().getKeyFingerprintCalculator());
for (Object next : objectFactory) {
if (next instanceof PGPOnePassSignatureList) {
PGPOnePassSignatureList signatures = (PGPOnePassSignatureList) next;
if (!signatures.isEmpty()) {
info.isSignedOnly = true;
return;
}
}
if (next instanceof PGPEncryptedDataList) {
PGPEncryptedDataList encryptedDataList = (PGPEncryptedDataList) next;
for (PGPEncryptedData encryptedData : encryptedDataList) {
@ -92,7 +124,7 @@ public final class MessageInspector {
if (next instanceof PGPCompressedData) {
PGPCompressedData compressed = (PGPCompressedData) next;
InputStream decompressed = compressed.getDataStream();
collectDecryptionKeyIDs(decompressed, info);
processMessage(decompressed, info);
}
if (next instanceof PGPLiteralData) {

View file

@ -44,6 +44,8 @@ public class MessageInspectorTest {
new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)));
assertFalse(info.isPassphraseEncrypted());
assertFalse(info.isSignedOnly());
assertTrue(info.isEncrypted());
assertEquals(1, info.getKeyIds().size());
assertEquals(KeyIdUtil.fromLongKeyId("4766F6B9D5F21EB6"), info.getKeyIds().get(0));
}
@ -66,9 +68,57 @@ public class MessageInspectorTest {
MessageInspector.EncryptionInfo info = MessageInspector.determineEncryptionInfoForMessage(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)));
assertTrue(info.isEncrypted());
assertTrue(info.isPassphraseEncrypted());
assertEquals(2, info.getKeyIds().size());
assertFalse(info.isSignedOnly());
assertTrue(info.getKeyIds().contains(KeyIdUtil.fromLongKeyId("4C6E8F99F6E47184")));
assertTrue(info.getKeyIds().contains(KeyIdUtil.fromLongKeyId("1839079A640B2FAC")));
}
@Test
public void testSignedOnlyMessage() throws PGPException, IOException {
String message = "-----BEGIN PGP MESSAGE-----\n" +
"Version: PGPainless\n" +
"\n" +
"owGbwMvMwCU2JftV+VJxWRbG0yJJDCDgkZqTk6+jEJ5flJOiyNVRysIgxsXAxsqU\n" +
"GPbzCoMipwBMg5giy+9JdusX5zywTwq60QsTfj2J4a9ki6nKuVnu940q5qzl+aK3\n" +
"89zdHzzyDBEdJg4asQcf3PBk+Cu1W/vQ1mMVW3fyTVc0VNe9PyktZlfcge2CbR8F\n" +
"Dvxwv8UPAA==\n" +
"=nt5n\n" +
"-----END PGP MESSAGE-----";
MessageInspector.EncryptionInfo info = MessageInspector.determineEncryptionInfoForMessage(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)));
assertTrue(info.isSignedOnly());
assertFalse(info.isEncrypted());
assertFalse(info.isPassphraseEncrypted());
assertEquals(0, info.getKeyIds().size());
}
@Test
public void testEncryptedAndSignedMessage() throws PGPException, IOException {
String message = "-----BEGIN PGP MESSAGE-----\n" +
"Version: PGPainless\n" +
"\n" +
"jC4ECQMCKFdrpiMTt8xgtZjkH60Nu4s+5THbPWOgyTmXkAeBAsmXDNWWuB5QSXFz\n" +
"hF4DaM8R0fnHE6USAQdALJl6fCtB597Ub/GR3bxu3Uv2lirMA8bI2iGHUE7f0Rkw\n" +
"ZNgmEk3YRGp+zddZoLp0WAIL0y4FLwUlMrR+YFYA37eAILiCwLEesIpvIoYq+fIu\n" +
"0r4BJ/bM9oiCZGy7clpBQgOBFOTMR2fCO9ESVOaLwTGDJkVk6m+iLV1OYG6997vP\n" +
"qHrg/zzy/U+xm90iHJzXoQ7yd2QZMU7llvC/otf5j14x3PCqd/rIxQrO2uc76Pef\n" +
"Lh1JRHb7St4PC429HfE7pEAfFUej1I56U/ZCPwxa9f6je911jM4ZmZQTKJq3XZ3H\n" +
"KK0Ymg5GrsBTEGFm4jb1p+V85PPhsIioX3np/N3fkIfxFguTGZza33/GHy61+DTy\n" +
"=SZU6\n" +
"-----END PGP MESSAGE-----";
MessageInspector.EncryptionInfo info = MessageInspector.determineEncryptionInfoForMessage(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)));
// Message is encrypted, so we cannot determine if it is signed or not.
// It is not signed only
assertFalse(info.isSignedOnly());
assertTrue(info.isEncrypted());
assertTrue(info.isPassphraseEncrypted());
assertEquals(1, info.getKeyIds().size());
}
}