Fix unvalid cursor mark for large cleartext signed messages

Fixes #219, #220

pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java

@@ -53,6 +53,7 @@ public class ConsumerOptions {
     private MissingKeyPassphraseStrategy missingKeyPassphraseStrategy = MissingKeyPassphraseStrategy.INTERACTIVE;
 
     private MultiPassStrategy multiPassStrategy = new InMemoryMultiPassStrategy();
+    private boolean cleartextSigned;
 
     /**
      * Consider signatures on the message made before the given timestamp invalid.
@@ -352,4 +353,20 @@ public class ConsumerOptions {
     public MultiPassStrategy getMultiPassStrategy() {
         return multiPassStrategy;
     }
+
+    /**
+     * INTERNAL method to mark cleartext signed messages.
+     * Do not call this manually.
+     */
+    public void setIsCleartextSigned() {
+        this.cleartextSigned = true;
+    }
+
+    /**
+     * Return true if the message is cleartext signed.
+     * @return cleartext signed
+     */
+    public boolean isCleartextSigned() {
+        return this.cleartextSigned;
+    }
 }

pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java

@@ -16,6 +16,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 
 import org.bouncycastle.bcpg.ArmoredInputStream;
 import org.bouncycastle.openpgp.PGPCompressedData;
@@ -126,6 +127,12 @@ public final class DecryptionStreamFactory {
         InputStream decoderStream;
         PGPObjectFactory objectFactory;
 
+        if (options.isCleartextSigned()) {
+            inputStream = wrapInVerifySignatureStream(bufferedIn, null);
+            return new DecryptionStream(inputStream, resultBuilder, integrityProtectedEncryptedInputStream,
+                    null);
+        }
+
         try {
             decoderStream = PGPUtilWrapper.getDecoderStream(bufferedIn);
             decoderStream = CRCingArmoredInputStreamWrapper.possiblyWrap(decoderStream);
@@ -170,7 +177,7 @@ public final class DecryptionStreamFactory {
                 (decoderStream instanceof ArmoredInputStream) ? decoderStream : null);
     }
 
-    private InputStream wrapInVerifySignatureStream(InputStream bufferedIn, PGPObjectFactory objectFactory) {
+    private InputStream wrapInVerifySignatureStream(InputStream bufferedIn, @Nullable PGPObjectFactory objectFactory) {
         return new SignatureInputStream.VerifySignatures(
                 bufferedIn, objectFactory, onePassSignatureChecks,
                 onePassSignaturesWithMissingCert, detachedSignatureChecks, options,

pgpainless-core/src/main/java/org/pgpainless/decryption_verification/SignatureInputStream.java

@@ -12,6 +12,7 @@ import java.io.InputStream;
 import java.util.List;
 import java.util.Map;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 
 import org.bouncycastle.openpgp.PGPObjectFactory;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
@@ -46,7 +47,7 @@ public abstract class SignatureInputStream extends FilterInputStream {
 
         public VerifySignatures(
                 InputStream literalDataStream,
-                PGPObjectFactory objectFactory,
+                @Nullable PGPObjectFactory objectFactory,
                 List<OnePassSignatureCheck> opSignatures,
                 Map<Long, OnePassSignatureCheck> onePassSignaturesWithMissingCert,
                 List<DetachedSignatureCheck> detachedSignatures,
@@ -93,6 +94,9 @@ public abstract class SignatureInputStream extends FilterInputStream {
         }
 
         public void parseAndCombineSignatures() throws IOException {
+            if (objectFactory == null) {
+                return;
+            }
             // Parse signatures from message
             PGPSignatureList signatures;
             try {

pgpainless-core/src/main/java/org/pgpainless/decryption_verification/cleartext_signatures/CleartextSignatureProcessor.java

@@ -6,7 +6,6 @@ package org.pgpainless.decryption_verification.cleartext_signatures;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.logging.Logger;
 
 import org.bouncycastle.bcpg.ArmoredInputStream;
 import org.bouncycastle.openpgp.PGPException;
@@ -27,8 +26,6 @@ import org.pgpainless.util.ArmoredInputStreamFactory;
  */
 public class CleartextSignatureProcessor {
 
-    private static final Logger LOGGER = Logger.getLogger(CleartextSignatureProcessor.class.getName());
-
     private final ArmoredInputStream in;
     private final ConsumerOptions options;
 
@@ -71,6 +68,7 @@ public class CleartextSignatureProcessor {
             options.addVerificationOfDetachedSignature(signature);
         }
 
+        options.setIsCleartextSigned();
         return PGPainless.decryptAndOrVerify()
                 .onInputStream(multiPassStrategy.getMessageInputStream())
                 .withOptions(options);