From 76b365a5062d858b70a46b3e0d102f26e82c691c Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Fri, 7 Apr 2023 13:37:37 +0200
Subject: [PATCH] Add ConsumerOptions.setRequireValidDecryptionKey()

---
 .../decryption_verification/ConsumerOptions.java | 10 ++++++++++
 .../OpenPgpMessageInputStream.java               | 16 ++++++++++------
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java
index d0d9230b..321d1649 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java
@@ -37,6 +37,7 @@ import org.pgpainless.util.SessionKey;
 public class ConsumerOptions {
 
     private boolean ignoreMDCErrors = false;
+    private boolean requireValidDecryptionKey = true;
     private boolean forceNonOpenPgpData = false;
 
     private Date verifyNotBefore = null;
@@ -391,6 +392,15 @@ public class ConsumerOptions {
         return ignoreMDCErrors;
     }
 
+    public ConsumerOptions setRequireValidDecryptionKey(boolean requireValidDecryptionKey) {
+        this.requireValidDecryptionKey = requireValidDecryptionKey;
+        return this;
+    }
+
+    boolean isRequireValidDecryptionKey() {
+        return requireValidDecryptionKey;
+    }
+
     /**
      * Force PGPainless to handle the data provided by the {@link InputStream} as non-OpenPGP data.
      * This workaround might come in handy if PGPainless accidentally mistakes the data for binary OpenPGP data.
diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.java
index 7fe11bbf..29904872 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.java
@@ -691,15 +691,19 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
                 continue;
             }
 
-            KeyRingInfo info = new KeyRingInfo(secretKeys, policy, new Date());
-            List<PGPPublicKey> encryptionKeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY);
-            for (PGPPublicKey key : encryptionKeys) {
-                if (key.getKeyID() == keyID) {
-                    return secretKeys;
+            if (options.isRequireValidDecryptionKey()) {
+                KeyRingInfo info = new KeyRingInfo(secretKeys, policy, new Date());
+                List<PGPPublicKey> encryptionKeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY);
+                for (PGPPublicKey key : encryptionKeys) {
+                    if (key.getKeyID() == keyID) {
+                        return secretKeys;
+                    }
                 }
+                LOGGER.debug("Subkey " + Long.toHexString(keyID) + " cannot be used for decryption.");
+            } else {
+                return secretKeys;
             }
 
-            LOGGER.debug("Subkey " + Long.toHexString(keyID) + " cannot be used for decryption.");
         }
         return null;
     }