crypto-pgpainless: prepare for error handling (#1877)

author: Harsh Shandilya <me@msfjarvis.dev> 2022-04-27 22:32:36 +0530
committer: GitHub <noreply@github.com> 2022-04-27 17:02:36 +0000
commit: d4a4ac06ed419221d3a1f967ca3a66b1e163ddb8 (patch)
tree: 8f501a3443e4fb422a213fc169f198f23e4fc511 /crypto-pgpainless
parent: b8b069364289421a875bdc6227c8554161e26183 (diff)
2 files changed, 74 insertions, 31 deletions
diff --git a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
index 637c8586..416f4bb4 100644
--- a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
+++ b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
@@ -5,6 +5,12 @@
 
 package dev.msfjarvis.aps.crypto
 
+import com.github.michaelbull.result.Result
+import com.github.michaelbull.result.mapError
+import com.github.michaelbull.result.runCatching
+import dev.msfjarvis.aps.crypto.errors.CryptoHandlerException
+import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException
+import dev.msfjarvis.aps.crypto.errors.UnknownError
 import java.io.ByteArrayInputStream
 import java.io.InputStream
 import java.io.OutputStream
@@ -15,6 +21,7 @@ import org.pgpainless.PGPainless
 import org.pgpainless.decryption_verification.ConsumerOptions
 import org.pgpainless.encryption_signing.EncryptionOptions
 import org.pgpainless.encryption_signing.ProducerOptions
+import org.pgpainless.exception.WrongPassphraseException
 import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector
 import org.pgpainless.util.Passphrase
 
@@ -25,44 +32,56 @@ public class PGPainlessCryptoHandler @Inject constructor() : CryptoHandler<PGPKe
     passphrase: String,
     ciphertextStream: InputStream,
     outputStream: OutputStream,
-  ) {
-    val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents)
-    val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing))
-    val protector =
-      PasswordBasedSecretKeyRingProtector.forKey(
-        pgpSecretKeyRing,
-        Passphrase.fromPassword(passphrase)
-      )
-    PGPainless.decryptAndOrVerify()
-      .onInputStream(ciphertextStream)
-      .withOptions(
-        ConsumerOptions()
-          .addDecryptionKeys(keyringCollection, protector)
-          .addDecryptionPassphrase(Passphrase.fromPassword(passphrase))
-      )
-      .use { decryptionStream -> decryptionStream.copyTo(outputStream) }
-  }
+  ): Result<Unit, CryptoHandlerException> =
+    runCatching {
+        val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents)
+        val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing))
+        val protector =
+          PasswordBasedSecretKeyRingProtector.forKey(
+            pgpSecretKeyRing,
+            Passphrase.fromPassword(passphrase)
+          )
+        PGPainless.decryptAndOrVerify()
+          .onInputStream(ciphertextStream)
+          .withOptions(
+            ConsumerOptions()
+              .addDecryptionKeys(keyringCollection, protector)
+              .addDecryptionPassphrase(Passphrase.fromPassword(passphrase))
+          )
+          .use { decryptionStream -> decryptionStream.copyTo(outputStream) }
+        return@runCatching
+      }
+      .mapError { error ->
+        when (error) {
+          is WrongPassphraseException -> IncorrectPassphraseException(error)
+          else -> UnknownError(error)
+        }
+      }
 
   public override fun encrypt(
     keys: List<PGPKey>,
     plaintextStream: InputStream,
     outputStream: OutputStream,
-  ) {
-    val armoredKeys = keys.map { key -> key.contents.decodeToString() }
-    val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray())
-    val publicKeyRingCollection =
-      pubKeysStream.use {
-        ArmoredInputStream(it).use { armoredInputStream ->
-          PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream)
+  ): Result<Unit, CryptoHandlerException> =
+    runCatching {
+        val armoredKeys = keys.map { key -> key.contents.decodeToString() }
+        val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray())
+        val publicKeyRingCollection =
+          pubKeysStream.use {
+            ArmoredInputStream(it).use { armoredInputStream ->
+              PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream)
+            }
+          }
+        val encOpt =
+          EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } }
+        val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true)
+        PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use {
+          encryptionStream ->
+          plaintextStream.copyTo(encryptionStream)
         }
+        return@runCatching
       }
-    val encOpt = EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } }
-    val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true)
-    PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use {
-      encryptionStream ->
-      plaintextStream.copyTo(encryptionStream)
-    }
-  }
+      .mapError { error -> UnknownError(error) }
 
   public override fun canHandle(fileName: String): Boolean {
     return fileName.split('.').lastOrNull() == "gpg"
diff --git a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt
index 9b4cb664..a9484317 100644
--- a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt
+++ b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt
@@ -5,10 +5,14 @@
 
 package dev.msfjarvis.aps.crypto
 
+import com.github.michaelbull.result.Err
+import com.github.michaelbull.result.getError
+import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException
 import java.io.ByteArrayOutputStream
 import kotlin.test.Test
 import kotlin.test.assertEquals
 import kotlin.test.assertFalse
+import kotlin.test.assertIs
 import kotlin.test.assertTrue
 
 class PGPainlessCryptoHandlerTest {
@@ -36,6 +40,26 @@ class PGPainlessCryptoHandlerTest {
   }
 
   @Test
+  fun decryptWithWrongPassphrase() {
+    val ciphertextStream = ByteArrayOutputStream()
+    cryptoHandler.encrypt(
+      listOf(publicKey),
+      CryptoConstants.PLAIN_TEXT.byteInputStream(Charsets.UTF_8),
+      ciphertextStream,
+    )
+    val plaintextStream = ByteArrayOutputStream()
+    val result =
+      cryptoHandler.decrypt(
+        privateKey,
+        "very incorrect passphrase",
+        ciphertextStream.toByteArray().inputStream(),
+        plaintextStream,
+      )
+    assertIs<Err<Throwable>>(result)
+    assertIs<IncorrectPassphraseException>(result.getError())
+  }
+
+  @Test
   fun canHandleFiltersFormats() {
     assertFalse { cryptoHandler.canHandle("example.com") }
     assertTrue { cryptoHandler.canHandle("example.com.gpg") }
author	Harsh Shandilya <me@msfjarvis.dev>	2022-04-27 22:32:36 +0530
committer	GitHub <noreply@github.com>	2022-04-27 17:02:36 +0000
commit	d4a4ac06ed419221d3a1f967ca3a66b1e163ddb8 (patch)
tree	8f501a3443e4fb422a213fc169f198f23e4fc511 /crypto-pgpainless
parent	b8b069364289421a875bdc6227c8554161e26183 (diff)