mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-26 22:32:07 +01:00

Remove workaround for invalid signature processing

Paul Schaub 2021-10-15 15:32:21 +02:00
parent c55fd2e552
commit cd9e7611ac


@ -19,7 +19,6 @@ import org.bouncycastle.bcpg.sig.RevocationReason;
import org.bouncycastle.bcpg.sig.SignatureExpirationTime; import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
import org.bouncycastle.openpgp.PGPCompressedData; import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPMarker;
import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKey;
@ -226,56 +225,30 @@ public final class SignatureUtils {
PGPObjectFactory objectFactory = new PGPObjectFactory( PGPObjectFactory objectFactory = new PGPObjectFactory(
pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator()); pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
Object nextObject = tryNext(objectFactory); Object nextObject;
while (nextObject != null) { while ((nextObject = objectFactory.nextObject()) != null) {
if (nextObject instanceof PGPMarker) {
nextObject = tryNext(objectFactory);
continue;
}
if (nextObject instanceof PGPCompressedData) { if (nextObject instanceof PGPCompressedData) {
PGPCompressedData compressedData = (PGPCompressedData) nextObject; PGPCompressedData compressedData = (PGPCompressedData) nextObject;
objectFactory = new PGPObjectFactory(compressedData.getDataStream(), objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
ImplementationFactory.getInstance().getKeyFingerprintCalculator()); ImplementationFactory.getInstance().getKeyFingerprintCalculator());
nextObject = tryNext(objectFactory);
continue;
} }
if (nextObject instanceof PGPSignatureList) { if (nextObject instanceof PGPSignatureList) {
PGPSignatureList signatureList = (PGPSignatureList) nextObject; PGPSignatureList signatureList = (PGPSignatureList) nextObject;
for (PGPSignature s : signatureList) { for (PGPSignature s : signatureList) {
signatures.add(s); signatures.add(s);
} }
} }
if (nextObject instanceof PGPSignature) { if (nextObject instanceof PGPSignature) {
signatures.add((PGPSignature) nextObject); signatures.add((PGPSignature) nextObject);
} }
nextObject = tryNext(objectFactory);
} }
pgpIn.close(); pgpIn.close();
return signatures; return signatures;
} }
/**
* Try reading the next signature from the factory.
*
* This is a helper method for BC choking on unexpected data like invalid signature versions.
* Unfortunately, this solves only half the issue, see bcgit/bc-java#1006 for a proper fix.
*
* @see <a href="https://github.com/bcgit/bc-java/pull/1006">BC-Java: Ignore PGPSignature with invalid version</a>
*
* @param factory pgp object factory
* @return next non-throwing object or null
* @throws IOException in case of a stream error
*/
private static Object tryNext(PGPObjectFactory factory) throws IOException {
try {
Object o = factory.nextObject();
return o;
} catch (RuntimeException e) {
return tryNext(factory);
}
}
/** /**
* Determine the issuer key-id of a {@link PGPSignature}. * Determine the issuer key-id of a {@link PGPSignature}.
* This method first inspects the {@link IssuerKeyID} subpacket of the signature and returns the key-id if present. * This method first inspects the {@link IssuerKeyID} subpacket of the signature and returns the key-id if present.
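Review bot: The new loop condition `while ((nextObject = objectFactory.nextObject()) != null)` lets any `RuntimeException` from Bouncy Castle's packet parsing escape this method, where the removed `tryNext` used to catch it. The deleted Javadoc says BC chokes on unexpected data such as invalid signature versions and names bcgit/bc-java#1006 as the proper fix, but nothing visible here shows that the Bouncy Castle version the project builds against contains it; if it does not, malformed signature input becomes an unchecked exception for callers that presumably handle only checked ones. Consider confirming the minimum BC version alongside this change and adding a regression test for an invalid-version signature, or converting at the boundary with `catch (RuntimeException e) { throw new IOException("Malformed OpenPGP signature data", e); }`. On that same path `pgpIn.close()` is skipped, so a try-with-resources or `finally` around the loop would keep the stream from being left open. The method's signature lies above the hunk, so its declared exceptions should be checked before choosing the wrapper type.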