Yet another patch for ASCII armor detection -.-

2022-02-15 14:21:28 +01:00 · 2022-02-15 14:21:28 +01:00 · e8da3b30d8
parent f3cf3456ab
commit e8da3b30d8
2 changed files with 80 additions and 3 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
@ -172,8 +172,7 @@ public final class DecryptionStreamFactory {
                LOGGER.debug("The message is apparently not armored.");
                bufferedIn.reset();
                decoderStream = bufferedIn;
-                objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(decoderStream);
-                inputStream = wrapInVerifySignatureStream(bufferedIn, objectFactory);
+                inputStream = wrapInVerifySignatureStream(bufferedIn, null);
            } else {
                throw new FinalIOException(e);
            }
@ -214,6 +213,9 @@ public final class DecryptionStreamFactory {
        } catch (FinalIOException e) {
            throw e;
        } catch (IOException e) {
+            if (depth == 1 && e.getMessage().contains("invalid armor")) {
+                throw e;
+            }
            if (depth == 1 && e.getMessage().contains("unknown object in stream:")) {
                throw new MissingLiteralDataException("No Literal Data Packet found.");
            } else {
--- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyDetachedSignatureTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyDetachedSignatureTest.java
@ -19,7 +19,7 @@ import org.pgpainless.decryption_verification.cleartext_signatures.InMemoryMulti
 public class VerifyDetachedSignatureTest {

    @Test
-    public void verify() throws PGPException, IOException {
+    public void test1() throws PGPException, IOException {
        String signedContent = "Content-Type: multipart/mixed; boundary=\"OSR6TONWKJD9dgyc2XH5AQPNnAs7pdg1t\"\n" +
                "\n" +
                "--OSR6TONWKJD9dgyc2XH5AQPNnAs7pdg1t\n" +
@ -68,4 +68,79 @@ public class VerifyDetachedSignatureTest {
        OpenPgpMetadata metadata = verifier.getResult();
        assertTrue(metadata.isVerified());
    }
+
+    @Test
+    public void test2() throws PGPException, IOException {
+        String signedContent = "Content-Type: multipart/mixed; boundary=\"------------26m0wPaTDf7nRDIftnMj4qjE\";\r\n" +
+                " protected-headers=\"v1\"\r\n" +
+                "From: Denys <denbond7@flowcrypt.test>\r\n" +
+                "To: default@flowcrypt.test\r\n" +
+                "Message-ID: <b2ffb55b-3ef0-4ce2-b522-85bd730bfa7e@flowcrypt.test>\r\n" +
+                "Subject: Signed + pub key\r\n" +
+                "\r\n" +
+                "--------------26m0wPaTDf7nRDIftnMj4qjE\r\n" +
+                "Content-Type: multipart/mixed; boundary=\"------------RQxi6oNuQI1n8MnuNglORR5s\"\r\n" +
+                "\r\n" +
+                "--------------RQxi6oNuQI1n8MnuNglORR5s\r\n" +
+                "Content-Type: text/plain; charset=UTF-8; format=flowed\r\n" +
+                "Content-Transfer-Encoding: base64\r\n" +
+                "\r\n" +
+                "U29tZSBpbXBvcnRhbnQgdGV4dA0KDQo=\r\n" +
+                "--------------RQxi6oNuQI1n8MnuNglORR5s\r\n" +
+                "Content-Type: application/pgp-keys; name=\"OpenPGP_0xC32089CD6AF8D6CE.asc\"\r\n" +
+                "Content-Disposition: attachment; filename=\"OpenPGP_0xC32089CD6AF8D6CE.asc\"\r\n" +
+                "Content-Description: OpenPGP public key\r\n" +
+                "Content-Transfer-Encoding: quoted-printable\r\n" +
+                "\r\n" +
+                "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n" +
+                "\r\n" +
+                "xjMEYIucWBYJKwYBBAHaRw8BAQdAew+8mzMWyf3+Pfy49qa60uKV6e5os7de4TdZ\r\n" +
+                "ceAWUq/NF2RlbmJvbmQ3QGZsb3djcnlwdC50ZXN0wngEExYKACAFAmCLnFgCGwMF\r\n" +
+                "FgIDAQAECwkIBwUVCgkICwIeAQIZAQAKCRDDIInNavjWzm3JAQCgFgCEyD58iEa/\r\n" +
+                "Rw/DYNoQNoZC1lhw1bxBiOcIbtkdBgEAsDFZu3TBavOMKI7KW+vfMBHtRVbkMNpv\r\n" +
+                "unaAldoabgPOOARgi5xYEgorBgEEAZdVAQUBAQdAB1/Mrq5JGYim4KqGTSK4OESQ\r\n" +
+                "UwPgK56q0yrkiU9WgyYDAQgHwnUEGBYKAB0FAmCLnFgCGwwFFgIDAQAECwkIBwUV\r\n" +
+                "CgkICwIeAQAKCRDDIInNavjWzjMgAQCU+R1fItqdY6lt9jXUqipmXuqVaEFPwNA8\r\n" +
+                "YJ1rIwDwVQEAyUc8162KWzA2iQB5akwLwNr/pLDDtOWwhLUkrBb3mAc=3D\r\n" +
+                "=3DyJxA\r\n" +
+                "-----END PGP PUBLIC KEY BLOCK-----\r\n" +
+                "\r\n" +
+                "--------------RQxi6oNuQI1n8MnuNglORR5s--\r\n" +
+                "\r\n" +
+                "--------------26m0wPaTDf7nRDIftnMj4qjE--\r\n";
+        String signature = "-----BEGIN PGP SIGNATURE-----\n" +
+                "\n" +
+                "wnsEABYIACMWIQTBZCjWAcs5N4nPYdTDIInNavjWzgUCYguNRQUDAAAAAAAKCRDDIInNavjWzoxf\n" +
+                "AQCOCu6bityLBbY1MPF+smwYLjkJvzEHf+ErXC7KkI4mnAEAn7FPPOzJAwWENv8a//0zg4P9Ymdr\n" +
+                "uyp1EJ1tsavXRQA=\n" +
+                "=K5yW\n" +
+                "-----END PGP SIGNATURE-----\n";
+        String pubkey = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
+                "Version: PGPainless\n" +
+                "\n" +
+                "mDMEYIucWBYJKwYBBAHaRw8BAQdAew+8mzMWyf3+Pfy49qa60uKV6e5os7de4TdZ\n" +
+                "ceAWUq+0F2RlbmJvbmQ3QGZsb3djcnlwdC50ZXN0iHgEExYKACAFAmCLnFgCGwMF\n" +
+                "FgIDAQAECwkIBwUVCgkICwIeAQIZAQAKCRDDIInNavjWzm3JAQCgFgCEyD58iEa/\n" +
+                "Rw/DYNoQNoZC1lhw1bxBiOcIbtkdBgEAsDFZu3TBavOMKI7KW+vfMBHtRVbkMNpv\n" +
+                "unaAldoabgO4OARgi5xYEgorBgEEAZdVAQUBAQdAB1/Mrq5JGYim4KqGTSK4OESQ\n" +
+                "UwPgK56q0yrkiU9WgyYDAQgHiHUEGBYKAB0FAmCLnFgCGwwFFgIDAQAECwkIBwUV\n" +
+                "CgkICwIeAQAKCRDDIInNavjWzjMgAQCU+R1fItqdY6lt9jXUqipmXuqVaEFPwNA8\n" +
+                "YJ1rIwDwVQEAyUc8162KWzA2iQB5akwLwNr/pLDDtOWwhLUkrBb3mAc=\n" +
+                "=pXF6\n" +
+                "-----END PGP PUBLIC KEY BLOCK-----\n";
+
+        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
+                .onInputStream(new ByteArrayInputStream(signedContent.getBytes(StandardCharsets.UTF_8)))
+                .withOptions(
+                        new ConsumerOptions()
+                                .addVerificationOfDetachedSignatures(new ByteArrayInputStream(signature.getBytes(StandardCharsets.UTF_8)))
+                                .addVerificationCerts(PGPainless.readKeyRing().keyRingCollection(pubkey, true).getPgpPublicKeyRingCollection())
+                                .setMultiPassStrategy(new InMemoryMultiPassStrategy())
+                );
+
+        Streams.drain(verifier);
+        verifier.close();
+        OpenPgpMetadata metadata = verifier.getResult();
+        assertTrue(metadata.isVerified());
+    }
 }