Diffstat (limited to 'crypto-pgpainless/src')
-rw-r--r--crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt81
-rw-r--r--crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt24
2 files changed, 74 insertions, 31 deletions
diff --git a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
index 637c8586..416f4bb4 100644
--- a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
+++ b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
@@ -5,6 +5,12 @@
package dev.msfjarvis.aps.crypto
+import com.github.michaelbull.result.Result
+import com.github.michaelbull.result.mapError
+import com.github.michaelbull.result.runCatching
+import dev.msfjarvis.aps.crypto.errors.CryptoHandlerException
+import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException
+import dev.msfjarvis.aps.crypto.errors.UnknownError
import java.io.ByteArrayInputStream
import java.io.InputStream
import java.io.OutputStream
@@ -15,6 +21,7 @@ import org.pgpainless.PGPainless
import org.pgpainless.decryption_verification.ConsumerOptions
import org.pgpainless.encryption_signing.EncryptionOptions
import org.pgpainless.encryption_signing.ProducerOptions
+import org.pgpainless.exception.WrongPassphraseException
import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector
import org.pgpainless.util.Passphrase
@@ -25,44 +32,56 @@ public class PGPainlessCryptoHandler @Inject constructor() : CryptoHandler<PGPKe
passphrase: String,
ciphertextStream: InputStream,
outputStream: OutputStream,
- ) {
- val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents)
- val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing))
- val protector =
- PasswordBasedSecretKeyRingProtector.forKey(
- pgpSecretKeyRing,
- Passphrase.fromPassword(passphrase)
- )
- PGPainless.decryptAndOrVerify()
- .onInputStream(ciphertextStream)
- .withOptions(
- ConsumerOptions()
- .addDecryptionKeys(keyringCollection, protector)
- .addDecryptionPassphrase(Passphrase.fromPassword(passphrase))
- )
- .use { decryptionStream -> decryptionStream.copyTo(outputStream) }
- }
+ ): Result<Unit, CryptoHandlerException> =
+ runCatching {
+ val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents)
+ val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing))
+ val protector =
+ PasswordBasedSecretKeyRingProtector.forKey(
+ pgpSecretKeyRing,
+ Passphrase.fromPassword(passphrase)
+ )
+ PGPainless.decryptAndOrVerify()
+ .onInputStream(ciphertextStream)
+ .withOptions(
+ ConsumerOptions()
+ .addDecryptionKeys(keyringCollection, protector)
+ .addDecryptionPassphrase(Passphrase.fromPassword(passphrase))
+ )
+ .use { decryptionStream -> decryptionStream.copyTo(outputStream) }
+ return@runCatching
+ }
+ .mapError { error ->
+ when (error) {
+ is WrongPassphraseException -> IncorrectPassphraseException(error)
+ else -> UnknownError(error)
+ }
+ }
public override fun encrypt(
keys: List<PGPKey>,
plaintextStream: InputStream,
outputStream: OutputStream,
- ) {
- val armoredKeys = keys.map { key -> key.contents.decodeToString() }
- val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray())
- val publicKeyRingCollection =
- pubKeysStream.use {
- ArmoredInputStream(it).use { armoredInputStream ->
- PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream)
+ ): Result<Unit, CryptoHandlerException> =
+ runCatching {
+ val armoredKeys = keys.map { key -> key.contents.decodeToString() }
+ val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray())
+ val publicKeyRingCollection =
+ pubKeysStream.use {
+ ArmoredInputStream(it).use { armoredInputStream ->
+ PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream)
+ }
+ }
+ val encOpt =
+ EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } }
+ val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true)
+ PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use {
+ encryptionStream ->
+ plaintextStream.copyTo(encryptionStream)
}
+ return@runCatching
}
- val encOpt = EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } }
- val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true)
- PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use {
- encryptionStream ->
- plaintextStream.copyTo(encryptionStream)
- }
- }
+ .mapError { error -> UnknownError(error) }
public override fun canHandle(fileName: String): Boolean {
return fileName.split('.').lastOrNull() == "gpg"
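Review bot: Returning `Result` instead of throwing makes a failed `decrypt` or `encrypt` silent for any caller that drops the return value, and in `decrypt` the `decryptionStream.copyTo(outputStream)` call may already have written bytes to the caller's stream before the failure is converted into an `Err`. I would state that contract in KDoc on both methods, e.g. `/** On Err, [outputStream] may hold partial, unverified output and must be discarded. */`, or decrypt into a local buffer and write it to `outputStream` only after the `use` block has closed without error. The `when` inside `mapError` tests only the top-level throwable, so a `WrongPassphraseException` that arrives wrapped as a cause would presumably be reported as `UnknownError`; also checking `error.cause` would cover that case. The signature of `decrypt` begins before this hunk and the body of `canHandle` ends after it.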
diff --git a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt
index 9b4cb664..a9484317 100644
--- a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt
+++ b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt
@@ -5,10 +5,14 @@
package dev.msfjarvis.aps.crypto
+import com.github.michaelbull.result.Err
+import com.github.michaelbull.result.getError
+import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException
import java.io.ByteArrayOutputStream
import kotlin.test.Test
import kotlin.test.assertEquals
import kotlin.test.assertFalse
+import kotlin.test.assertIs
import kotlin.test.assertTrue
class PGPainlessCryptoHandlerTest {
@@ -36,6 +40,26 @@ class PGPainlessCryptoHandlerTest {
}
@Test
+ fun decryptWithWrongPassphrase() {
+ val ciphertextStream = ByteArrayOutputStream()
+ cryptoHandler.encrypt(
+ listOf(publicKey),
+ CryptoConstants.PLAIN_TEXT.byteInputStream(Charsets.UTF_8),
+ ciphertextStream,
+ )
+ val plaintextStream = ByteArrayOutputStream()
+ val result =
+ cryptoHandler.decrypt(
+ privateKey,
+ "very incorrect passphrase",
+ ciphertextStream.toByteArray().inputStream(),
+ plaintextStream,
+ )
+ assertIs<Err<Throwable>>(result)
+ assertIs<IncorrectPassphraseException>(result.getError())
+ }
+
+ @Test
fun canHandleFiltersFormats() {
assertFalse { cryptoHandler.canHandle("example.com") }
assertTrue { cryptoHandler.canHandle("example.com.gpg") }
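Review bot: The `Result` returned by `cryptoHandler.encrypt(...)` at the start of `decryptWithWrongPassphrase` is discarded, so if encryption fails the test still calls `decrypt` on empty ciphertext and then fails with a misleading assertion about the error type. Capture the value and assert success first, e.g. `assertIs<Ok<Unit>>(encryptResult)` (with `Ok` imported next to `Err`). The test also never inspects `plaintextStream`; adding `assertEquals(0, plaintextStream.size())` would pin that no plaintext reaches the caller when the passphrase is wrong. The test class starts and ends outside this hunk.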