1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-10 20:27:58 +01:00

Add regression test for PGPUtil.getDecoderStream mistaking plaintext for base64 encoded data

This commit is contained in:
Paul Schaub 2021-10-01 15:21:42 +02:00
parent 8fccc73370
commit 7bc35dcba3
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 45 additions and 6 deletions

View file

@ -153,7 +153,7 @@ public final class DecryptionStreamFactory {
bufferedIn.reset(); bufferedIn.reset();
inputStream = wrapInVerifySignatureStream(bufferedIn); inputStream = wrapInVerifySignatureStream(bufferedIn);
} catch (IOException e) { } catch (IOException e) {
if (e.getMessage().contains("invalid armor")) { if (e.getMessage().contains("invalid armor") || e.getMessage().contains("invalid header encountered")) {
// We falsely assumed the data to be armored. // We falsely assumed the data to be armored.
LOGGER.debug("The message is apparently not armored."); LOGGER.debug("The message is apparently not armored.");
bufferedIn.reset(); bufferedIn.reset();

View file

@ -30,18 +30,24 @@ import java.nio.charset.StandardCharsets;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.exception.WrongConsumingMethodException; import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.key.TestKeys;
import org.pgpainless.signature.CertificateValidator;
import org.pgpainless.signature.SignatureUtils;
import org.pgpainless.signature.SignatureVerifier;
import org.pgpainless.decryption_verification.cleartext_signatures.CleartextSignatureProcessor; import org.pgpainless.decryption_verification.cleartext_signatures.CleartextSignatureProcessor;
import org.pgpainless.decryption_verification.cleartext_signatures.InMemoryMultiPassStrategy; import org.pgpainless.decryption_verification.cleartext_signatures.InMemoryMultiPassStrategy;
import org.pgpainless.decryption_verification.cleartext_signatures.MultiPassStrategy; import org.pgpainless.decryption_verification.cleartext_signatures.MultiPassStrategy;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.encryption_signing.SigningOptions;
import org.pgpainless.exception.WrongConsumingMethodException;
import org.pgpainless.key.TestKeys;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.signature.CertificateValidator;
import org.pgpainless.signature.SignatureUtils;
import org.pgpainless.signature.SignatureVerifier;
import org.pgpainless.util.ArmorUtils; import org.pgpainless.util.ArmorUtils;
import org.pgpainless.util.TestUtils; import org.pgpainless.util.TestUtils;
@ -218,4 +224,37 @@ public class CleartextSignatureVerificationTest {
.withOptions(options) .withOptions(options)
.getVerificationStream()); .getVerificationStream());
} }
@Test
public void getDecoderStreamMistakensPlaintextForBase64RegressionTest() throws PGPException, IOException {
String message = "Foo\nBar"; // PGPUtil.getDecoderStream() would mistaken this for base64 data
ByteArrayInputStream msgIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
PGPSecretKeyRing secretKey = TestKeys.getEmilSecretKeyRing();
ByteArrayOutputStream signedOut = new ByteArrayOutputStream();
EncryptionStream signingStream = PGPainless.encryptAndOrSign().onOutputStream(signedOut)
.withOptions(ProducerOptions.sign(SigningOptions.get()
.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), secretKey, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT))
.setCleartextSigned());
Streams.pipeAll(msgIn, signingStream);
signingStream.close();
String signed = signedOut.toString();
ByteArrayInputStream signedIn = new ByteArrayInputStream(signed.getBytes(StandardCharsets.UTF_8));
DecryptionStream verificationStream = PGPainless.verifyCleartextSignedMessage()
.onInputStream(signedIn)
.withStrategy(new InMemoryMultiPassStrategy())
.withOptions(new ConsumerOptions()
.addVerificationCert(TestKeys.getEmilPublicKeyRing()))
.getVerificationStream();
ByteArrayOutputStream msgOut = new ByteArrayOutputStream();
Streams.pipeAll(verificationStream, msgOut);
verificationStream.close();
OpenPgpMetadata metadata = verificationStream.getResult();
assertTrue(metadata.isVerified());
}
} }