From d4a4ac06ed419221d3a1f967ca3a66b1e163ddb8 Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Wed, 27 Apr 2022 22:32:36 +0530 Subject: crypto-pgpainless: prepare for error handling (#1877) --- .../aps/crypto/PGPainlessCryptoHandler.kt | 81 +++++++++++++--------- .../aps/crypto/PGPainlessCryptoHandlerTest.kt | 24 +++++++ 2 files changed, 74 insertions(+), 31 deletions(-) (limited to 'crypto-pgpainless') diff --git a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt index 637c8586..416f4bb4 100644 --- a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt +++ b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt @@ -5,6 +5,12 @@ package dev.msfjarvis.aps.crypto +import com.github.michaelbull.result.Result +import com.github.michaelbull.result.mapError +import com.github.michaelbull.result.runCatching +import dev.msfjarvis.aps.crypto.errors.CryptoHandlerException +import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException +import dev.msfjarvis.aps.crypto.errors.UnknownError import java.io.ByteArrayInputStream import java.io.InputStream import java.io.OutputStream @@ -15,6 +21,7 @@ import org.pgpainless.PGPainless import org.pgpainless.decryption_verification.ConsumerOptions import org.pgpainless.encryption_signing.EncryptionOptions import org.pgpainless.encryption_signing.ProducerOptions +import org.pgpainless.exception.WrongPassphraseException import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector import org.pgpainless.util.Passphrase @@ -25,44 +32,56 @@ public class PGPainlessCryptoHandler @Inject constructor() : CryptoHandler decryptionStream.copyTo(outputStream) } - } + ): Result = + runCatching { + val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents) + val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing)) + val protector = + PasswordBasedSecretKeyRingProtector.forKey( + pgpSecretKeyRing, + Passphrase.fromPassword(passphrase) + ) + PGPainless.decryptAndOrVerify() + .onInputStream(ciphertextStream) + .withOptions( + ConsumerOptions() + .addDecryptionKeys(keyringCollection, protector) + .addDecryptionPassphrase(Passphrase.fromPassword(passphrase)) + ) + .use { decryptionStream -> decryptionStream.copyTo(outputStream) } + return@runCatching + } + .mapError { error -> + when (error) { + is WrongPassphraseException -> IncorrectPassphraseException(error) + else -> UnknownError(error) + } + } public override fun encrypt( keys: List, plaintextStream: InputStream, outputStream: OutputStream, - ) { - val armoredKeys = keys.map { key -> key.contents.decodeToString() } - val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray()) - val publicKeyRingCollection = - pubKeysStream.use { - ArmoredInputStream(it).use { armoredInputStream -> - PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream) + ): Result = + runCatching { + val armoredKeys = keys.map { key -> key.contents.decodeToString() } + val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray()) + val publicKeyRingCollection = + pubKeysStream.use { + ArmoredInputStream(it).use { armoredInputStream -> + PGPainless.readKeyRing().publicKeyRingCollection(armoredInputStream) + } + } + val encOpt = + EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } } + val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true) + PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use { + encryptionStream -> + plaintextStream.copyTo(encryptionStream) } + return@runCatching } - val encOpt = EncryptionOptions().apply { publicKeyRingCollection.forEach { addRecipient(it) } } - val prodOpt = ProducerOptions.encrypt(encOpt).setAsciiArmor(true) - PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(prodOpt).use { - encryptionStream -> - plaintextStream.copyTo(encryptionStream) - } - } + .mapError { error -> UnknownError(error) } public override fun canHandle(fileName: String): Boolean { return fileName.split('.').lastOrNull() == "gpg" diff --git a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt index 9b4cb664..a9484317 100644 --- a/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt +++ b/crypto-pgpainless/src/test/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandlerTest.kt @@ -5,10 +5,14 @@ package dev.msfjarvis.aps.crypto +import com.github.michaelbull.result.Err +import com.github.michaelbull.result.getError +import dev.msfjarvis.aps.crypto.errors.IncorrectPassphraseException import java.io.ByteArrayOutputStream import kotlin.test.Test import kotlin.test.assertEquals import kotlin.test.assertFalse +import kotlin.test.assertIs import kotlin.test.assertTrue class PGPainlessCryptoHandlerTest { @@ -35,6 +39,26 @@ class PGPainlessCryptoHandlerTest { assertEquals(CryptoConstants.PLAIN_TEXT, plaintextStream.toString(Charsets.UTF_8)) } + @Test + fun decryptWithWrongPassphrase() { + val ciphertextStream = ByteArrayOutputStream() + cryptoHandler.encrypt( + listOf(publicKey), + CryptoConstants.PLAIN_TEXT.byteInputStream(Charsets.UTF_8), + ciphertextStream, + ) + val plaintextStream = ByteArrayOutputStream() + val result = + cryptoHandler.decrypt( + privateKey, + "very incorrect passphrase", + ciphertextStream.toByteArray().inputStream(), + plaintextStream, + ) + assertIs>(result) + assertIs(result.getError()) + } + @Test fun canHandleFiltersFormats() { assertFalse { cryptoHandler.canHandle("example.com") } -- cgit v1.2.3