mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-25 12:27:58 +01:00
Fix NPEs and expose decryption keys
This commit is contained in:
parent
fff69f89e0
commit
de67461fb2
2 changed files with 40 additions and 10 deletions
|
@ -7,6 +7,7 @@ package org.pgpainless.decryption_verification;
|
||||||
import org.pgpainless.algorithm.CompressionAlgorithm;
|
import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||||
import org.pgpainless.algorithm.StreamEncoding;
|
import org.pgpainless.algorithm.StreamEncoding;
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
|
import org.pgpainless.key.SubkeyIdentifier;
|
||||||
import org.pgpainless.util.SessionKey;
|
import org.pgpainless.util.SessionKey;
|
||||||
|
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
|
@ -182,6 +183,24 @@ public class MessageMetadata {
|
||||||
return (LiteralData) nested;
|
return (LiteralData) nested;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public SubkeyIdentifier getDecryptionKey() {
|
||||||
|
Iterator<SubkeyIdentifier> iterator = new LayerIterator<SubkeyIdentifier>(message) {
|
||||||
|
@Override
|
||||||
|
public boolean matches(Nested layer) {
|
||||||
|
return layer instanceof EncryptedData;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public SubkeyIdentifier getProperty(Layer last) {
|
||||||
|
return ((EncryptedData) last).decryptionKey;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
if (iterator.hasNext()) {
|
||||||
|
return iterator.next();
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
public abstract static class Layer {
|
public abstract static class Layer {
|
||||||
protected final List<SignatureVerification> verifiedDetachedSignatures = new ArrayList<>();
|
protected final List<SignatureVerification> verifiedDetachedSignatures = new ArrayList<>();
|
||||||
protected final List<SignatureVerification.Failure> rejectedDetachedSignatures = new ArrayList<>();
|
protected final List<SignatureVerification.Failure> rejectedDetachedSignatures = new ArrayList<>();
|
||||||
|
@ -309,6 +328,7 @@ public class MessageMetadata {
|
||||||
|
|
||||||
public static class EncryptedData extends Layer implements Nested {
|
public static class EncryptedData extends Layer implements Nested {
|
||||||
protected final SymmetricKeyAlgorithm algorithm;
|
protected final SymmetricKeyAlgorithm algorithm;
|
||||||
|
protected SubkeyIdentifier decryptionKey;
|
||||||
protected SessionKey sessionKey;
|
protected SessionKey sessionKey;
|
||||||
protected List<Long> recipients;
|
protected List<Long> recipients;
|
||||||
|
|
||||||
|
|
|
@ -334,6 +334,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
||||||
|
|
||||||
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
|
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
|
||||||
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
|
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
|
||||||
|
encryptedData.decryptionKey = new SubkeyIdentifier(decryptionKeys, decryptionKey.getKeyID());
|
||||||
encryptedData.sessionKey = sessionKey;
|
encryptedData.sessionKey = sessionKey;
|
||||||
|
|
||||||
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
|
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
|
||||||
|
@ -361,6 +362,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
||||||
|
|
||||||
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
|
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
|
||||||
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
|
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
|
||||||
|
encryptedData.decryptionKey = new SubkeyIdentifier(decryptionKeyCandidate.getA(), privateKey.getKeyID());
|
||||||
encryptedData.sessionKey = sessionKey;
|
encryptedData.sessionKey = sessionKey;
|
||||||
|
|
||||||
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
|
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
|
||||||
|
@ -560,8 +562,6 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
||||||
final List<PGPSignature> correspondingSignatures;
|
final List<PGPSignature> correspondingSignatures;
|
||||||
boolean isLiteral = true;
|
boolean isLiteral = true;
|
||||||
|
|
||||||
final List<PGPSignature> verified = new ArrayList<>();
|
|
||||||
|
|
||||||
private Signatures(ConsumerOptions options) {
|
private Signatures(ConsumerOptions options) {
|
||||||
this.options = options;
|
this.options = options;
|
||||||
this.detachedSignatures = new ArrayList<>();
|
this.detachedSignatures = new ArrayList<>();
|
||||||
|
@ -580,24 +580,33 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
||||||
void addDetachedSignature(PGPSignature signature) {
|
void addDetachedSignature(PGPSignature signature) {
|
||||||
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
||||||
PGPPublicKeyRing certificate = findCertificate(keyId);
|
PGPPublicKeyRing certificate = findCertificate(keyId);
|
||||||
initialize(signature, certificate, keyId);
|
|
||||||
this.detachedSignatures.add(new DetachedOrPrependedSignature(signature, certificate, keyId));
|
if (certificate != null) {
|
||||||
|
initialize(signature, certificate, keyId);
|
||||||
|
this.detachedSignatures.add(new DetachedOrPrependedSignature(signature, certificate, keyId));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void addPrependedSignature(PGPSignature signature) {
|
void addPrependedSignature(PGPSignature signature) {
|
||||||
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
||||||
PGPPublicKeyRing certificate = findCertificate(keyId);
|
PGPPublicKeyRing certificate = findCertificate(keyId);
|
||||||
initialize(signature, certificate, keyId);
|
|
||||||
this.prependedSignatures.add(new DetachedOrPrependedSignature(signature, certificate, keyId));
|
if (certificate != null) {
|
||||||
|
initialize(signature, certificate, keyId);
|
||||||
|
this.prependedSignatures.add(new DetachedOrPrependedSignature(signature, certificate, keyId));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void addOnePassSignature(PGPOnePassSignature signature) {
|
void addOnePassSignature(PGPOnePassSignature signature) {
|
||||||
PGPPublicKeyRing certificate = findCertificate(signature.getKeyID());
|
PGPPublicKeyRing certificate = findCertificate(signature.getKeyID());
|
||||||
OnePassSignature ops = new OnePassSignature(signature, certificate, signature.getKeyID());
|
|
||||||
ops.init(certificate);
|
|
||||||
onePassSignatures.add(ops);
|
|
||||||
|
|
||||||
literalOPS.add(ops);
|
if (certificate != null) {
|
||||||
|
OnePassSignature ops = new OnePassSignature(signature, certificate, signature.getKeyID());
|
||||||
|
ops.init(certificate);
|
||||||
|
onePassSignatures.add(ops);
|
||||||
|
|
||||||
|
literalOPS.add(ops);
|
||||||
|
}
|
||||||
if (signature.isContaining()) {
|
if (signature.isContaining()) {
|
||||||
enterNesting();
|
enterNesting();
|
||||||
}
|
}
|
||||||
|
@ -898,6 +907,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
||||||
resultBuilder.setFileName(m.getFilename());
|
resultBuilder.setFileName(m.getFilename());
|
||||||
resultBuilder.setFileEncoding(m.getFormat());
|
resultBuilder.setFileEncoding(m.getFormat());
|
||||||
resultBuilder.setSessionKey(m.getSessionKey());
|
resultBuilder.setSessionKey(m.getSessionKey());
|
||||||
|
resultBuilder.setDecryptionKey(m.getDecryptionKey());
|
||||||
|
|
||||||
for (SignatureVerification accepted : m.getVerifiedDetachedSignatures()) {
|
for (SignatureVerification accepted : m.getVerifiedDetachedSignatures()) {
|
||||||
resultBuilder.addVerifiedDetachedSignature(accepted);
|
resultBuilder.addVerifiedDetachedSignature(accepted);
|
||||||
|
|
Loading…
Reference in a new issue