diff options
Diffstat (limited to 'crypto-pgpainless')
-rw-r--r-- | crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt | 81 | ||||
-rw-r--r-- | crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt | 24 |
2 files changed, 74 insertions, 31 deletions
diff --git a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt index 637c8586..416f4bb4 100644 --- a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt +++ b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt @@ -5,6 +5,12 @@ package dev.msfjarvis.aps.crypto +import com.github.michaelbull.result.Result +import com.github.michaelbull.result.mapError +import com.github.michaelbull.result.runCatching +import dev.msfjarvis.aps.crypto.errors.CryptoHandlerException +import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException +import dev.msfjarvis.aps.crypto.errors.UnknownError import java.io.ByteArrayInputStream import java.io.InputStream import java.io.OutputStream @@ -15,6 +21,7 @@ import org.pgpainless.PGPainless import org.pgpainless.decryption_verification.ConsumerOptions import org.pgpainless.encryption_signing.EncryptionOptions import org.pgpainless.encryption_signing.ProducerOptions +import org.pgpainless.exception.WrongPassphraseException import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector import org.pgpainless.util.Passphrase @@ -25,44 +32,56 @@ public class PGPainlessCryptoHandler @Inject constructor() : CryptoHandler<PGPKe passphrase: String, ciphertextStream: InputStream, outputStream: OutputStream, - ) { - val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents) - val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing)) - val protector = - PasswordBasedSecretKeyRingProtector.forKey( - pgpSecretKeyRing, - Passphrase.fromPassword(passphrase) - ) - PGPainless.decryptAndOrVerify() - .onInputStream(ciphertextStream) - .withOptions( - ConsumerOptions() - .addDecryptionKeys(keyringCollection, protector) - .addDecryptionPassphrase(Passphrase.fromPassword(passphrase)) - ) - .use { decryptionStream -> decryptionStream.copyTo(outputStream) } - } + ): Result<Unit, CryptoHandlerException> = + runCatching { + val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents) + val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing)) + val protector = + PasswordBasedSecretKeyRingProtector.forKey( + pgpSecretKeyRing, + Passphrase.fromPassword(passphrase) + ) + PGPainless.decryptAndOrVerify() + .onInputStream(ciphertextStream) + .withOptions( + ConsumerOptions() + .addDecryptionKeys(keyringCollection, protector) + .addDecryptionPassphrase(Passphrase.fromPassword(passphrase)) + ) + .use { decryptionStream -> decryptionStream.copyTo(outputStream) } + return@runCatching + } + .mapError { error -> + when (error) { + is WrongPassphraseException -> IncorrectPassphraseException(error) + else -> UnknownError(error) + } + } public override fun encrypt( keys: List<PGPKey>, plaintextStream: InputStream, outputStream: OutputStream, - ) { - val armoredKeys = keys.map { key -> key.contents.decodeToString() } - val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray()) - val publicKeyRingCollection = - pubKeysStream.use { - ArmoredInputStream(it).use { armoredInputStream -> - PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream) + ): Result<Unit, CryptoHandlerException> = + runCatching { + val armoredKeys = keys.map { key -> key.contents.decodeToString() } + val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray()) + val publicKeyRingCollection = + pubKeysStream.use { + ArmoredInputStream(it).use { armoredInputStream -> + PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream) + } + } + val encOpt = + EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } } + val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true) + PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use { + encryptionStream -> + plaintextStream.copyTo(encryptionStream) } + return@runCatching } - val encOpt = EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } } - val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true) - PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use { - encryptionStream -> - plaintextStream.copyTo(encryptionStream) - } - } + .mapError { error -> UnknownError(error) } public override fun canHandle(fileName: String): Boolean { return fileName.split('.').lastOrNull() == "gpg" diff --git a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt index 9b4cb664..a9484317 100644 --- a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt +++ b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt @@ -5,10 +5,14 @@ package dev.msfjarvis.aps.crypto +import com.github.michaelbull.result.Err +import com.github.michaelbull.result.getError +import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException import java.io.ByteArrayOutputStream import kotlin.test.Test import kotlin.test.assertEquals import kotlin.test.assertFalse +import kotlin.test.assertIs import kotlin.test.assertTrue class PGPainlessCryptoHandlerTest { @@ -36,6 +40,26 @@ class PGPainlessCryptoHandlerTest { } @Test + fun decryptWithWrongPassphrase() { + val ciphertextStream = ByteArrayOutputStream() + cryptoHandler.encrypt( + listOf(publicKey), + CryptoConstants.PLAIN_TEXT.byteInputStream(Charsets.UTF_8), + ciphertextStream, + ) + val plaintextStream = ByteArrayOutputStream() + val result = + cryptoHandler.decrypt( + privateKey, + "very incorrect passphrase", + ciphertextStream.toByteArray().inputStream(), + plaintextStream, + ) + assertIs<Err<Throwable>>(result) + assertIs<IncorrectPassphraseException>(result.getError()) + } + + @Test fun canHandleFiltersFormats() { assertFalse { cryptoHandler.canHandle("example.com") } assertTrue { cryptoHandler.canHandle("example.com.gpg") } |