1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-06-17 17:14:51 +02:00

Fix detection of non-armored data

This commit is contained in:
Paul Schaub 2021-10-30 15:00:04 +02:00
parent 78269e0294
commit cf1881a140
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -122,23 +122,23 @@ public final class DecryptionStreamFactory {
private DecryptionStream parseOpenPGPDataAndCreateDecryptionStream(InputStream inputStream) throws IOException, PGPException { private DecryptionStream parseOpenPGPDataAndCreateDecryptionStream(InputStream inputStream) throws IOException, PGPException {
// Make sure we handle armored and non-armored data properly // Make sure we handle armored and non-armored data properly
BufferedInputStream bufferedIn = new BufferedInputStream(inputStream); BufferedInputStream bufferedIn = new BufferedInputStream(inputStream);
InputStream decoderStream = PGPUtilWrapper.getDecoderStream(bufferedIn); InputStream decoderStream;
PGPObjectFactory objectFactory;
decoderStream = CRCingArmoredInputStreamWrapper.possiblyWrap(decoderStream);
if (decoderStream instanceof ArmoredInputStream) {
ArmoredInputStream armor = (ArmoredInputStream) decoderStream;
if (armor.isClearText()) {
throw new WrongConsumingMethodException("Message appears to be using the Cleartext Signature Framework. " +
"Use PGPainless.verifyCleartextSignedMessage() to verify this message instead.");
}
}
PGPObjectFactory objectFactory = new PGPObjectFactory(
decoderStream, keyFingerprintCalculator);
try { try {
decoderStream = PGPUtilWrapper.getDecoderStream(bufferedIn);
decoderStream = CRCingArmoredInputStreamWrapper.possiblyWrap(decoderStream);
if (decoderStream instanceof ArmoredInputStream) {
ArmoredInputStream armor = (ArmoredInputStream) decoderStream;
if (armor.isClearText()) {
throw new WrongConsumingMethodException("Message appears to be using the Cleartext Signature Framework. " +
"Use PGPainless.verifyCleartextSignedMessage() to verify this message instead.");
}
}
objectFactory = new PGPObjectFactory(decoderStream, keyFingerprintCalculator);
// Parse OpenPGP message // Parse OpenPGP message
inputStream = processPGPPackets(objectFactory, 1); inputStream = processPGPPackets(objectFactory, 1);
} catch (EOFException e) { } catch (EOFException e) {
@ -149,12 +149,16 @@ public final class DecryptionStreamFactory {
// to allow for detached signature verification. // to allow for detached signature verification.
LOGGER.debug("The message appears to not be an OpenPGP message. This is probably data signed with detached signatures?"); LOGGER.debug("The message appears to not be an OpenPGP message. This is probably data signed with detached signatures?");
bufferedIn.reset(); bufferedIn.reset();
decoderStream = bufferedIn;
objectFactory = new PGPObjectFactory(decoderStream, keyFingerprintCalculator);
inputStream = wrapInVerifySignatureStream(bufferedIn, objectFactory); inputStream = wrapInVerifySignatureStream(bufferedIn, objectFactory);
} catch (IOException e) { } catch (IOException e) {
if (e.getMessage().contains("invalid armor") || e.getMessage().contains("invalid header encountered")) { if (e.getMessage().contains("invalid armor") || e.getMessage().contains("invalid header encountered")) {
// We falsely assumed the data to be armored. // We falsely assumed the data to be armored.
LOGGER.debug("The message is apparently not armored."); LOGGER.debug("The message is apparently not armored.");
bufferedIn.reset(); bufferedIn.reset();
decoderStream = bufferedIn;
objectFactory = new PGPObjectFactory(decoderStream, keyFingerprintCalculator);
inputStream = wrapInVerifySignatureStream(bufferedIn, objectFactory); inputStream = wrapInVerifySignatureStream(bufferedIn, objectFactory);
} else { } else {
throw e; throw e;