summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHarsh Shandilya <me@msfjarvis.dev>2022-04-27 22:32:36 +0530
committerGitHub <noreply@github.com>2022-04-27 17:02:36 +0000
commitd4a4ac06ed419221d3a1f967ca3a66b1e163ddb8 (patch)
tree8f501a3443e4fb422a213fc169f198f23e4fc511
parentb8b069364289421a875bdc6227c8554161e26183 (diff)
crypto-pgpainless: prepare for error handling (#1877)
-rw-r--r--app/src/main/java/dev/msfjarvis/aps/data/crypto/CryptoRepository.kt5
-rw-r--r--build-logic/kotlin-plugins/src/main/kotlin/com.github.android-password-store.kotlin-library.gradle.kts6
-rw-r--r--crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/CryptoHandler.kt13
-rw-r--r--crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/errors/CryptoException.kt13
-rw-r--r--crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt81
-rw-r--r--crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt24
6 files changed, 98 insertions, 44 deletions
diff --git a/app/src/main/java/dev/msfjarvis/aps/data/crypto/CryptoRepository.kt b/app/src/main/java/dev/msfjarvis/aps/data/crypto/CryptoRepository.kt
index 2923b117..0e262e7a 100644
--- a/app/src/main/java/dev/msfjarvis/aps/data/crypto/CryptoRepository.kt
+++ b/app/src/main/java/dev/msfjarvis/aps/data/crypto/CryptoRepository.kt
@@ -5,7 +5,6 @@
package dev.msfjarvis.aps.data.crypto
-import com.github.michaelbull.result.runCatching
import com.github.michaelbull.result.unwrap
import dev.msfjarvis.aps.crypto.PGPKeyManager
import dev.msfjarvis.aps.crypto.PGPainlessCryptoHandler
@@ -42,9 +41,7 @@ constructor(
) {
val keys = pgpKeyManager.getAllKeys().unwrap()
// Iterates through the keys until the first successful decryption, then returns.
- keys.firstOrNull { key ->
- runCatching { pgpCryptoHandler.decrypt(key, password, message, out) }.isOk()
- }
+ keys.firstOrNull { key -> pgpCryptoHandler.decrypt(key, password, message, out).isOk() }
}
private suspend fun encryptPgp(content: ByteArrayInputStream, out: ByteArrayOutputStream) {
diff --git a/build-logic/kotlin-plugins/src/main/kotlin/com.github.android-password-store.kotlin-library.gradle.kts b/build-logic/kotlin-plugins/src/main/kotlin/com.github.android-password-store.kotlin-library.gradle.kts
index ecd7f23e..516f5e4f 100644
--- a/build-logic/kotlin-plugins/src/main/kotlin/com.github.android-password-store.kotlin-library.gradle.kts
+++ b/build-logic/kotlin-plugins/src/main/kotlin/com.github.android-password-store.kotlin-library.gradle.kts
@@ -10,10 +10,8 @@ plugins { id("com.github.android-password-store.kotlin-common") }
tasks.withType<KotlinCompile>().configureEach {
kotlinOptions {
- if (project.providers.gradleProperty("android.injected.invoked.from.ide").orNull != "true") {
- if (!name.contains("test", ignoreCase = true)) {
- freeCompilerArgs = freeCompilerArgs + listOf("-Xexplicit-api=strict")
- }
+ if (!name.contains("test", ignoreCase = true)) {
+ freeCompilerArgs += listOf("-Xexplicit-api=strict")
}
}
}
diff --git a/crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/CryptoHandler.kt b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/CryptoHandler.kt
index fc4c500d..e8e9f995 100644
--- a/crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/CryptoHandler.kt
+++ b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/CryptoHandler.kt
@@ -5,6 +5,8 @@
package dev.msfjarvis.aps.crypto
+import com.github.michaelbull.result.Result
+import dev.msfjarvis.aps.crypto.errors.CryptoHandlerException
import java.io.InputStream
import java.io.OutputStream
@@ -13,24 +15,27 @@ public interface CryptoHandler<Key> {
/**
* Decrypt the given [ciphertextStream] using a [privateKey] and [passphrase], and writes the
- * resultant plaintext to [outputStream].
+ * resultant plaintext to [outputStream]. The returned [Result] should be checked to ensure it is
+ * **not** an instance of [com.github.michaelbull.result.Err] before the contents of
+ * [outputStream] are used.
*/
public fun decrypt(
privateKey: Key,
passphrase: String,
ciphertextStream: InputStream,
outputStream: OutputStream,
- )
+ ): Result<Unit, CryptoHandlerException>
/**
* Encrypt the given [plaintextStream] to the provided [keys], and writes the encrypted ciphertext
- * to [outputStream].
+ * to [outputStream]. The returned [Result] should be checked to ensure it is **not** an instance
+ * of [com.github.michaelbull.result.Err] before the contents of [outputStream] are used.
*/
public fun encrypt(
keys: List<Key>,
plaintextStream: InputStream,
outputStream: OutputStream,
- )
+ ): Result<Unit, CryptoHandlerException>
/** Given a [fileName], return whether this instance can handle it. */
public fun canHandle(fileName: String): Boolean
diff --git a/crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/errors/CryptoException.kt b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/errors/CryptoException.kt
index 5e911c35..0fb75691 100644
--- a/crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/errors/CryptoException.kt
+++ b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/crypto/errors/CryptoException.kt
@@ -2,7 +2,8 @@ package dev.msfjarvis.aps.crypto.errors
import dev.msfjarvis.aps.crypto.KeyManager
-public sealed class CryptoException(message: String? = null) : Exception(message)
+public sealed class CryptoException(message: String? = null, cause: Throwable? = null) :
+ Exception(message, cause)
/** Sealed exception types for [KeyManager]. */
public sealed class KeyManagerException(message: String? = null) : CryptoException(message)
@@ -28,3 +29,13 @@ public class KeyNotFoundException(keyId: String) :
/** Attempting to add another key for [keyId] without requesting a replace. */
public class KeyAlreadyExistsException(keyId: String) :
KeyManagerException("Pre-existing key was found for $keyId")
+
+/** Sealed exception types for [CryptoHandler]. */
+public sealed class CryptoHandlerException(message: String? = null, cause: Throwable? = null) :
+ CryptoException(message, cause)
+
+/** The passphrase provided for decryption was incorrect. */
+public class IncorrectPassphraseException(cause: Throwable) : CryptoHandlerException(null, cause)
+
+/** An unexpected error that cannot be mapped to a known type. */
+public class UnknownError(cause: Throwable) : CryptoHandlerException(null, cause)
diff --git a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
index 637c8586..416f4bb4 100644
--- a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
+++ b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
@@ -5,6 +5,12 @@
package dev.msfjarvis.aps.crypto
+import com.github.michaelbull.result.Result
+import com.github.michaelbull.result.mapError
+import com.github.michaelbull.result.runCatching
+import dev.msfjarvis.aps.crypto.errors.CryptoHandlerException
+import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException
+import dev.msfjarvis.aps.crypto.errors.UnknownError
import java.io.ByteArrayInputStream
import java.io.InputStream
import java.io.OutputStream
@@ -15,6 +21,7 @@ import org.pgpainless.PGPainless
import org.pgpainless.decryption_verification.ConsumerOptions
import org.pgpainless.encryption_signing.EncryptionOptions
import org.pgpainless.encryption_signing.ProducerOptions
+import org.pgpainless.exception.WrongPassphraseException
import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector
import org.pgpainless.util.Passphrase
@@ -25,44 +32,56 @@ public class PGPainlessCryptoHandler @Inject constructor() : CryptoHandler<PGPKe
passphrase: String,
ciphertextStream: InputStream,
outputStream: OutputStream,
- ) {
- val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents)
- val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing))
- val protector =
- PasswordBasedSecretKeyRingProtector.forKey(
- pgpSecretKeyRing,
- Passphrase.fromPassword(passphrase)
- )
- PGPainless.decryptAndOrVerify()
- .onInputStream(ciphertextStream)
- .withOptions(
- ConsumerOptions()
- .addDecryptionKeys(keyringCollection, protector)
- .addDecryptionPassphrase(Passphrase.fromPassword(passphrase))
- )
- .use { decryptionStream -> decryptionStream.copyTo(outputStream) }
- }
+ ): Result<Unit, CryptoHandlerException> =
+ runCatching {
+ val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents)
+ val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing))
+ val protector =
+ PasswordBasedSecretKeyRingProtector.forKey(
+ pgpSecretKeyRing,
+ Passphrase.fromPassword(passphrase)
+ )
+ PGPainless.decryptAndOrVerify()
+ .onInputStream(ciphertextStream)
+ .withOptions(
+ ConsumerOptions()
+ .addDecryptionKeys(keyringCollection, protector)
+ .addDecryptionPassphrase(Passphrase.fromPassword(passphrase))
+ )
+ .use { decryptionStream -> decryptionStream.copyTo(outputStream) }
+ return@runCatching
+ }
+ .mapError { error ->
+ when (error) {
+ is WrongPassphraseException -> IncorrectPassphraseException(error)
+ else -> UnknownError(error)
+ }
+ }
public override fun encrypt(
keys: List<PGPKey>,
plaintextStream: InputStream,
outputStream: OutputStream,
- ) {
- val armoredKeys = keys.map { key -> key.contents.decodeToString() }
- val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray())
- val publicKeyRingCollection =
- pubKeysStream.use {
- ArmoredInputStream(it).use { armoredInputStream ->
- PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream)
+ ): Result<Unit, CryptoHandlerException> =
+ runCatching {
+ val armoredKeys = keys.map { key -> key.contents.decodeToString() }
+ val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray())
+ val publicKeyRingCollection =
+ pubKeysStream.use {
+ ArmoredInputStream(it).use { armoredInputStream ->
+ PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream)
+ }
+ }
+ val encOpt =
+ EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } }
+ val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true)
+ PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use {
+ encryptionStream ->
+ plaintextStream.copyTo(encryptionStream)
}
+ return@runCatching
}
- val encOpt = EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } }
- val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true)
- PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use {
- encryptionStream ->
- plaintextStream.copyTo(encryptionStream)
- }
- }
+ .mapError { error -> UnknownError(error) }
public override fun canHandle(fileName: String): Boolean {
return fileName.split('.').lastOrNull() == "gpg"
diff --git a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt
index 9b4cb664..a9484317 100644
--- a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt
+++ b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt
@@ -5,10 +5,14 @@
package dev.msfjarvis.aps.crypto
+import com.github.michaelbull.result.Err
+import com.github.michaelbull.result.getError
+import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException
import java.io.ByteArrayOutputStream
import kotlin.test.Test
import kotlin.test.assertEquals
import kotlin.test.assertFalse
+import kotlin.test.assertIs
import kotlin.test.assertTrue
class PGPainlessCryptoHandlerTest {
@@ -36,6 +40,26 @@ class PGPainlessCryptoHandlerTest {
}
@Test
+ fun decryptWithWrongPassphrase() {
+ val ciphertextStream = ByteArrayOutputStream()
+ cryptoHandler.encrypt(
+ listOf(publicKey),
+ CryptoConstants.PLAIN_TEXT.byteInputStream(Charsets.UTF_8),
+ ciphertextStream,
+ )
+ val plaintextStream = ByteArrayOutputStream()
+ val result =
+ cryptoHandler.decrypt(
+ privateKey,
+ "very incorrect passphrase",
+ ciphertextStream.toByteArray().inputStream(),
+ plaintextStream,
+ )
+ assertIs<Err<Throwable>>(result)
+ assertIs<IncorrectPassphraseException>(result.getError())
+ }
+
+ @Test
fun canHandleFiltersFormats() {
assertFalse { cryptoHandler.canHandle("example.com") }
assertTrue { cryptoHandler.canHandle("example.com.gpg") }