From e3ff1403a37ef0e42632e9ed33c149698502eaf2 Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Sun, 22 Aug 2021 22:17:50 +0200
Subject: [PATCH] sop: Enforce that any secret key argument only contains a single secret key
---
 .../src/main/java/org/pgpainless/sop/DecryptImpl.java | 7 +++++--
 .../src/main/java/org/pgpainless/sop/EncryptImpl.java | 3 +++
 .../src/main/java/org/pgpainless/sop/SignImpl.java | 8 +++++++-
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java
index e1bb6fb9..734dbee1 100644
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java
@@ -104,8 +104,11 @@ public class DecryptImpl implements Decrypt {
 public DecryptImpl withKey(InputStream keyIn) throws SOPGPException.KeyIsProtected, SOPGPException.BadData, SOPGPException.UnsupportedAsymmetricAlgo {
 try {
 PGPSecretKeyRingCollection secretKeys = PGPainless.readKeyRing()
- .keyRingCollection(keyIn, true)
- .getPGPSecretKeyRingCollection();
+ .secretKeyRingCollection(keyIn);
+
+ if (secretKeys.size() != 1) {
+ throw new SOPGPException.BadData(new AssertionError("Exactly one single secret key expected. Got " + secretKeys.size()));
+ }
 for (PGPSecretKeyRing secretKey : secretKeys) {
 KeyRingInfo info = new KeyRingInfo(secretKey);
diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/EncryptImpl.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/EncryptImpl.java
index 548129fa..4ff1d1e2 100644
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/EncryptImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/EncryptImpl.java
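Review bot: In DecryptImpl.withKey the wrong-key-count rejection is reported with `new AssertionError(...)` as its cause, which labels malformed caller input as a broken internal invariant; the same wrapping is repeated in EncryptImpl.signWith and SignImpl.key. AssertionError is a java.lang.Error, so any logging or cause-unwrapping code that treats Errors as fatal would misreport what is an ordinary bad-input case. Assuming BadData accepts any Throwable as its cause, I would write `throw new SOPGPException.BadData(new IllegalArgumentException("Exactly one secret key expected. Got " + secretKeys.size()));`. The `for` loop after the check now runs exactly once, and the rest of the try block lies outside the hunk.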
@@ -63,6 +63,9 @@ public class EncryptImpl implements Encrypt {
 public Encrypt signWith(InputStream keyIn) throws SOPGPException.KeyIsProtected, SOPGPException.CertCannotSign, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.BadData {
 try {
 PGPSecretKeyRingCollection keys = PGPainless.readKeyRing().secretKeyRingCollection(keyIn);
+ if (keys.size() != 1) {
+ throw new SOPGPException.BadData(new AssertionError("Exactly one secret key at a time expected. Got " + keys.size()));
+ }
 if (signingOptions == null) {
 signingOptions = SigningOptions.get();
diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/SignImpl.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/SignImpl.java
index 88268622..2c3f499e 100644
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/SignImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/SignImpl.java
@@ -24,6 +24,7 @@ import java.util.List;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.util.io.Streams;
 import org.pgpainless.PGPainless;
@@ -62,7 +63,12 @@ public class SignImpl implements Sign {
 @Override
 public Sign key(InputStream keyIn) throws SOPGPException.KeyIsProtected, SOPGPException.BadData, IOException {
 try {
- PGPSecretKeyRing key = PGPainless.readKeyRing().secretKeyRing(keyIn);
+ PGPSecretKeyRingCollection keys = PGPainless.readKeyRing().secretKeyRingCollection(keyIn);
+ if (keys.size() != 1) {
+ throw new SOPGPException.BadData(new AssertionError("Exactly one secret key at a time expected. Got " + keys.size()));
+ }
+
+ PGPSecretKeyRing key = keys.iterator().next();
 KeyRingInfo info = new KeyRingInfo(key);
 if (!info.isFullyDecrypted()) {
 throw new SOPGPException.KeyIsProtected();
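Review bot: The size check added to EncryptImpl.signWith carries no comment saying why a multi-key bundle is rejected rather than processed, and its message ("at a time") differs from the wording in DecryptImpl.withKey ("one single secret key"). I would put `// Each signWith() call must supply exactly one secret key; reject bundles so no unintended key is used for signing.` above the `if` and use one message text in all three checks. The method body continues outside the hunk, so how `keys` is consumed afterwards cannot be confirmed from here.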
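Review bot: Nothing in this commit pins the new rejection in SignImpl.key: the diffstat lists only the three implementation files, while this method changes observable behaviour by moving from `secretKeyRing(keyIn)` to a collection read followed by a `size() != 1` check. I would add tests that pass an empty stream and a stream holding two secret keys to `key`, and likewise to `signWith` and `withKey`, each expecting `SOPGPException.BadData`. Without them a later refactor back to a single-ring read could presumably reintroduce silent acceptance of extra key material. The method body continues past the end of the hunk.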