PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-09 19:57:57 +01:00
Code Issues Releases Wiki Activity

Ignore certificate signatures of unknown type

Browse source
This commit is contained in:
Paul Schaub 2024-11-19 13:58:54 +01:00
parent 89790a0a94
commit b99822f405
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
8 changed files with 33 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpInputStream.java
View file

@ -32,6 +32,7 @@ import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.util.NoSuchElementException;
import org.bouncycastle.bcpg.BCPGInputStream; import org.bouncycastle.bcpg.BCPGInputStream;
import org.bouncycastle.openpgp.PGPCompressedData; import org.bouncycastle.openpgp.PGPCompressedData;
@ -208,8 +209,8 @@ public class OpenPgpInputStream extends BufferedInputStream {
} }
try { try {
SignatureType.valueOf(sigType); SignatureType.requireFromCode(sigType);
} catch (IllegalArgumentException e) { } catch (NoSuchElementException e) {
return; return;
} }
@ -236,8 +237,8 @@ public class OpenPgpInputStream extends BufferedInputStream {
if (opsVersion == 3) { if (opsVersion == 3) {
int opsSigType = bcpgIn.read(); int opsSigType = bcpgIn.read();
try { try {
SignatureType.valueOf(opsSigType); SignatureType.requireFromCode(opsSigType);
} catch (IllegalArgumentException e) { } catch (NoSuchElementException e) {
return; return;
} }
int opsHashAlg = bcpgIn.read(); int opsHashAlg = bcpgIn.read();

9
pgpainless-core/src/main/java/org/pgpainless/exception/SignatureValidationException.java
View file

@ -28,7 +28,14 @@ public class SignatureValidationException extends PGPException {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
sb.append(rejections.size()).append(" rejected signatures:\n"); sb.append(rejections.size()).append(" rejected signatures:\n");
for (PGPSignature signature : rejections.keySet()) { for (PGPSignature signature : rejections.keySet()) {
sb.append(SignatureType.valueOf(signature.getSignatureType())).append(' ') String typeString;
SignatureType type = SignatureType.fromCode(signature.getSignatureType());
if (type == null) {
typeString = "0x" + Long.toHexString(signature.getSignatureType());
} else {
typeString = type.toString();
}
sb.append(typeString).append(' ')
.append(signature.getCreationTime()).append(": ") .append(signature.getCreationTime()).append(": ")
.append(rejections.get(signature).getMessage()).append('\n'); .append(rejections.get(signature).getMessage()).append('\n');
} }

10
pgpainless-core/src/main/java/org/pgpainless/key/util/OpenPgpKeyAttributeUtil.java
View file

@ -34,7 +34,11 @@ public final class OpenPgpKeyAttributeUtil {
continue; continue;
} }
SignatureType signatureType = SignatureType.valueOf(signature.getSignatureType()); SignatureType signatureType = SignatureType.fromCode(signature.getSignatureType());
if (signatureType == null) {
// unknown signature type
continue;
}
if (signatureType == SignatureType.POSITIVE_CERTIFICATION if (signatureType == SignatureType.POSITIVE_CERTIFICATION
|| signatureType == SignatureType.GENERIC_CERTIFICATION) { || signatureType == SignatureType.GENERIC_CERTIFICATION) {
int[] hashAlgos = signature.getHashedSubPackets().getPreferredHashAlgorithms(); int[] hashAlgos = signature.getHashedSubPackets().getPreferredHashAlgorithms();
@ -71,8 +75,8 @@ public final class OpenPgpKeyAttributeUtil {
continue; continue;
} }
SignatureType signatureType = SignatureType.valueOf(signature.getSignatureType()); SignatureType signatureType = SignatureType.fromCode(signature.getSignatureType());
if (signatureType != SignatureType.POSITIVE_CERTIFICATION if (signatureType == null || signatureType != SignatureType.POSITIVE_CERTIFICATION
&& signatureType != SignatureType.GENERIC_CERTIFICATION) { && signatureType != SignatureType.GENERIC_CERTIFICATION) {
continue; continue;
} }

3
pgpainless-core/src/main/kotlin/org/pgpainless/algorithm/SignatureType.kt
View file

@ -170,7 +170,8 @@ enum class SignatureType(val code: Int) {
@JvmStatic @JvmStatic
fun isRevocationSignature(signatureType: Int): Boolean { fun isRevocationSignature(signatureType: Int): Boolean {
return isRevocationSignature(valueOf(signatureType)) val sigType = fromCode(signatureType)
return sigType?.let { isRevocationSignature(it) } ?: false
} }
@JvmStatic @JvmStatic

5
pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSignatureExtensions.kt
View file

@ -77,7 +77,8 @@ fun PGPSignature.wasIssuedBy(key: PGPPublicKey): Boolean = wasIssuedBy(OpenPgpFi
/** Return true, if this signature is a hard revocation. */ /** Return true, if this signature is a hard revocation. */
val PGPSignature.isHardRevocation val PGPSignature.isHardRevocation
get() = get() =
when (SignatureType.requireFromCode(signatureType)) { when (SignatureType.fromCode(signatureType)) {
null -> false
SignatureType.KEY_REVOCATION, SignatureType.KEY_REVOCATION,
SignatureType.SUBKEY_REVOCATION, SignatureType.SUBKEY_REVOCATION,
SignatureType.CERTIFICATION_REVOCATION -> { SignatureType.CERTIFICATION_REVOCATION -> {
@ -104,4 +105,4 @@ val PGPSignature.signatureHashAlgorithm: HashAlgorithm
get() = HashAlgorithm.requireFromId(hashAlgorithm) get() = HashAlgorithm.requireFromId(hashAlgorithm)
fun PGPSignature.isOfType(type: SignatureType): Boolean = fun PGPSignature.isOfType(type: SignatureType): Boolean =
SignatureType.requireFromCode(signatureType) == type SignatureType.fromCode(signatureType) == type

6
pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt
View file

@ -235,7 +235,8 @@ abstract class SignatureValidator {
signature: PGPSignature, signature: PGPSignature,
policy: Policy policy: Policy
): Policy.HashAlgorithmPolicy { ): Policy.HashAlgorithmPolicy {
return when (SignatureType.requireFromCode(signature.signatureType)) { return when (SignatureType.fromCode(signature.signatureType)) {
null -> policy.certificationSignatureHashAlgorithmPolicy
SignatureType.CERTIFICATION_REVOCATION, SignatureType.CERTIFICATION_REVOCATION,
SignatureType.KEY_REVOCATION, SignatureType.KEY_REVOCATION,
SignatureType.SUBKEY_REVOCATION -> policy.revocationSignatureHashAlgorithmPolicy SignatureType.SUBKEY_REVOCATION -> policy.revocationSignatureHashAlgorithmPolicy
@ -598,7 +599,8 @@ abstract class SignatureValidator {
if (signatureType.none { signature.isOfType(it) }) { if (signatureType.none { signature.isOfType(it) }) {
throw SignatureValidationException( throw SignatureValidationException(
"Signature is of type" + "Signature is of type" +
" ${SignatureType.requireFromCode(signature.signatureType)}, " + " ${SignatureType.fromCode(signature.signatureType) ?:
("0x" + signature.signatureType.toString(16))}, " +
"while only ${signatureType.contentToString()} are allowed here.") "while only ${signatureType.contentToString()} are allowed here.")
} }
} }

5
pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureVerifier.kt
View file

@ -59,12 +59,13 @@ class SignatureVerifier {
policy: Policy, policy: Policy,
referenceTime: Date referenceTime: Date
): Boolean { ): Boolean {
val type = SignatureType.requireFromCode(signature.signatureType) val type = SignatureType.fromCode(signature.signatureType)
return when (type) { return when (type) {
SignatureType.GENERIC_CERTIFICATION, SignatureType.GENERIC_CERTIFICATION,
SignatureType.NO_CERTIFICATION, SignatureType.NO_CERTIFICATION,
SignatureType.CASUAL_CERTIFICATION, SignatureType.CASUAL_CERTIFICATION,
SignatureType.POSITIVE_CERTIFICATION -> SignatureType.POSITIVE_CERTIFICATION,
null ->
verifyUserIdCertification( verifyUserIdCertification(
userId, signature, signingKey, keyWithUserId, policy, referenceTime) userId, signature, signingKey, keyWithUserId, policy, referenceTime)
SignatureType.CERTIFICATION_REVOCATION -> SignatureType.CERTIFICATION_REVOCATION ->

3
pgpainless-core/src/test/java/org/pgpainless/algorithm/SignatureTypeTest.java
View file

@ -5,7 +5,6 @@
package org.pgpainless.algorithm; package org.pgpainless.algorithm;
import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.assertTrue;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -31,6 +30,6 @@ public class SignatureTypeTest {
assertFalse(SignatureType.isRevocationSignature(SignatureType.STANDALONE.getCode())); assertFalse(SignatureType.isRevocationSignature(SignatureType.STANDALONE.getCode()));
assertFalse(SignatureType.isRevocationSignature(SignatureType.TIMESTAMP.getCode())); assertFalse(SignatureType.isRevocationSignature(SignatureType.TIMESTAMP.getCode()));
assertThrows(IllegalArgumentException.class, () -> SignatureType.isRevocationSignature(-3)); assertFalse(SignatureType.isRevocationSignature(-3));
} }
} }