mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-01-10 20:27:58 +01:00
Add regression test for PGPUtil.getDecoderStream mistaking plaintext for base64 encoded data
This commit is contained in:
parent
8fccc73370
commit
7bc35dcba3
2 changed files with 45 additions and 6 deletions
|
@ -153,7 +153,7 @@ public final class DecryptionStreamFactory {
|
||||||
bufferedIn.reset();
|
bufferedIn.reset();
|
||||||
inputStream = wrapInVerifySignatureStream(bufferedIn);
|
inputStream = wrapInVerifySignatureStream(bufferedIn);
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
if (e.getMessage().contains("invalid armor")) {
|
if (e.getMessage().contains("invalid armor") || e.getMessage().contains("invalid header encountered")) {
|
||||||
// We falsely assumed the data to be armored.
|
// We falsely assumed the data to be armored.
|
||||||
LOGGER.debug("The message is apparently not armored.");
|
LOGGER.debug("The message is apparently not armored.");
|
||||||
bufferedIn.reset();
|
bufferedIn.reset();
|
||||||
|
|
|
@ -30,18 +30,24 @@ import java.nio.charset.StandardCharsets;
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.exception.WrongConsumingMethodException;
|
import org.pgpainless.algorithm.DocumentSignatureType;
|
||||||
import org.pgpainless.key.TestKeys;
|
|
||||||
import org.pgpainless.signature.CertificateValidator;
|
|
||||||
import org.pgpainless.signature.SignatureUtils;
|
|
||||||
import org.pgpainless.signature.SignatureVerifier;
|
|
||||||
import org.pgpainless.decryption_verification.cleartext_signatures.CleartextSignatureProcessor;
|
import org.pgpainless.decryption_verification.cleartext_signatures.CleartextSignatureProcessor;
|
||||||
import org.pgpainless.decryption_verification.cleartext_signatures.InMemoryMultiPassStrategy;
|
import org.pgpainless.decryption_verification.cleartext_signatures.InMemoryMultiPassStrategy;
|
||||||
import org.pgpainless.decryption_verification.cleartext_signatures.MultiPassStrategy;
|
import org.pgpainless.decryption_verification.cleartext_signatures.MultiPassStrategy;
|
||||||
|
import org.pgpainless.encryption_signing.EncryptionStream;
|
||||||
|
import org.pgpainless.encryption_signing.ProducerOptions;
|
||||||
|
import org.pgpainless.encryption_signing.SigningOptions;
|
||||||
|
import org.pgpainless.exception.WrongConsumingMethodException;
|
||||||
|
import org.pgpainless.key.TestKeys;
|
||||||
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||||
|
import org.pgpainless.signature.CertificateValidator;
|
||||||
|
import org.pgpainless.signature.SignatureUtils;
|
||||||
|
import org.pgpainless.signature.SignatureVerifier;
|
||||||
import org.pgpainless.util.ArmorUtils;
|
import org.pgpainless.util.ArmorUtils;
|
||||||
import org.pgpainless.util.TestUtils;
|
import org.pgpainless.util.TestUtils;
|
||||||
|
|
||||||
|
@ -218,4 +224,37 @@ public class CleartextSignatureVerificationTest {
|
||||||
.withOptions(options)
|
.withOptions(options)
|
||||||
.getVerificationStream());
|
.getVerificationStream());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getDecoderStreamMistakensPlaintextForBase64RegressionTest() throws PGPException, IOException {
|
||||||
|
String message = "Foo\nBar"; // PGPUtil.getDecoderStream() would mistaken this for base64 data
|
||||||
|
ByteArrayInputStream msgIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
|
|
||||||
|
PGPSecretKeyRing secretKey = TestKeys.getEmilSecretKeyRing();
|
||||||
|
ByteArrayOutputStream signedOut = new ByteArrayOutputStream();
|
||||||
|
EncryptionStream signingStream = PGPainless.encryptAndOrSign().onOutputStream(signedOut)
|
||||||
|
.withOptions(ProducerOptions.sign(SigningOptions.get()
|
||||||
|
.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), secretKey, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT))
|
||||||
|
.setCleartextSigned());
|
||||||
|
|
||||||
|
Streams.pipeAll(msgIn, signingStream);
|
||||||
|
signingStream.close();
|
||||||
|
|
||||||
|
String signed = signedOut.toString();
|
||||||
|
|
||||||
|
ByteArrayInputStream signedIn = new ByteArrayInputStream(signed.getBytes(StandardCharsets.UTF_8));
|
||||||
|
DecryptionStream verificationStream = PGPainless.verifyCleartextSignedMessage()
|
||||||
|
.onInputStream(signedIn)
|
||||||
|
.withStrategy(new InMemoryMultiPassStrategy())
|
||||||
|
.withOptions(new ConsumerOptions()
|
||||||
|
.addVerificationCert(TestKeys.getEmilPublicKeyRing()))
|
||||||
|
.getVerificationStream();
|
||||||
|
|
||||||
|
ByteArrayOutputStream msgOut = new ByteArrayOutputStream();
|
||||||
|
Streams.pipeAll(verificationStream, msgOut);
|
||||||
|
verificationStream.close();
|
||||||
|
|
||||||
|
OpenPgpMetadata metadata = verificationStream.getResult();
|
||||||
|
assertTrue(metadata.isVerified());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue