author | Harsh Shandilya <me@msfjarvis.dev> | 2024-05-27 20:59:20 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-27 15:29:20 +0000 |
commit | 0f9540a645ef66f3cf67294f75ba2c5d9d80078e (patch) | |
tree | 1f6e94f6565de5ee147b1fdcd694343cc6004d20 /crypto/pgpainless | |
parent | 1877c6ab5a987e08797b13e4dc619294d03d4c02 (diff) |
feat(pgpainless): add detection for passphrase-less messages (#3069)
* WIP: feat(pgpainless): add detection for passphrase-less messages
* refactor: test keys instead of the message
This makes more logical sense
Diffstat (limited to 'crypto/pgpainless')
-rw-r--r-- | crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt | 11 | ||||
-rw-r--r-- | crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt | 20 |
2 files changed, 31 insertions, 0 deletions
diff --git a/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt b/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt
index 1aabe54f..b3f2a64b 100644
--- a/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt
+++ b/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt
@@ -11,6 +11,7 @@ import app.passwordstore.crypto.errors.NoKeysProvidedException
 import app.passwordstore.crypto.errors.NonStandardAEAD
 import app.passwordstore.crypto.errors.UnknownError
 import com.github.michaelbull.result.Result
+import com.github.michaelbull.result.mapBoth
 import com.github.michaelbull.result.mapError
 import com.github.michaelbull.result.runCatching
 import java.io.InputStream
@@ -140,4 +141,14 @@ public class PGPainlessCryptoHandler @Inject constructor() :
 public override fun canHandle(fileName: String): Boolean {
 return fileName.substringAfterLast('.', "") == "gpg"
 }
+
+ public override fun isPassphraseProtected(keys: List<PGPKey>): Boolean =
+ keys
+ .mapNotNull { key -> PGPainless.readKeyRing().secretKeyRing(key.contents) }
+ .map(::keyringHasPassphrase)
+ .all { it }
+
+ internal fun keyringHasPassphrase(keyRing: PGPSecretKeyRing) =
+ runCatching { keyRing.secretKey.extractPrivateKey(null) }
+ .mapBoth(success = { false }, failure = { true })
 }
diff --git a/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt b/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
index 5de2bf4f..600cc39d 100644
--- a/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
+++ b/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
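Review bot: `keyringHasPassphrase` in PGPainlessCryptoHandler.kt maps every failure of `extractPrivateKey(null)` to `true`, so a key that cannot be extracted for an unrelated reason (for example malformed key material) is reported as passphrase-protected. Reading the protection state directly is more precise and avoids running key extraction as a probe, e.g. `keyRing.secretKey.s2KUsage != SecretKeyPacket.USAGE_NONE` with BouncyCastle's `org.bouncycastle.bcpg.SecretKeyPacket`. Only the primary secret key is examined, so a ring whose subkeys are protected differently would be misclassified; iterating `keyRing.secretKeys` would cover that. In `isPassphraseProtected`, `.all { it }` yields `true` for an empty list and for input where `mapNotNull` dropped every key, and yields `false` when one unprotected key sits beside protected ones; a short KDoc stating which of these outcomes callers should expect would help, since the result presumably decides whether a passphrase prompt is shown.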
@@ -156,6 +156,26 @@ class PGPainlessCryptoHandlerTest {
 }
 @Test
+ fun detectsKeysWithPassphrase() {
+ assertTrue(cryptoHandler.isPassphraseProtected(listOf(PGPKey(TestUtils.getArmoredSecretKey()))))
+ assertTrue(
+ cryptoHandler.isPassphraseProtected(
+ listOf(PGPKey(TestUtils.getArmoredSecretKeyWithMultipleIdentities()))
+ )
+ )
+ }
+
+ @Test
+ fun detectsKeysWithoutPassphrase() {
+ // Uses the internal method instead of the public API because GnuPG seems to have made it
+ // impossible to generate a key without a passphrase and I can't care to find a magical
+ // incantation to convince it I am smarter than whatever they are protecting against.
+ assertFalse(
+ cryptoHandler.keyringHasPassphrase(PGPainless.generateKeyRing().modernKeyRing("John Doe"))
+ )
+ }
+
+ @Test
 fun canHandleFiltersFormats() {
 assertFalse { cryptoHandler.canHandle("example.com") }
 assertTrue { cryptoHandler.canHandle("example.com.gpg") } |
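Review bot: The unprotected case is checked only through the internal `keyringHasPassphrase`, so the `false` path of `isPassphraseProtected`, along with its empty-list and mixed-list results, is never pinned by a test. The generated ring does not need GnuPG to reach the public API: it could be serialised, for example with `PGPainless.asciiArmor(keyRing)`, and wrapped in a `PGPKey` (assuming `PGPKey` accepts the armored bytes, as `TestUtils.getArmoredSecretKey()` suggests). A case calling `cryptoHandler.isPassphraseProtected(emptyList())` would also document which answer an empty key list is meant to give.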