Add ConsumerOptions.setMissingKeyPassphraseStrategy()

This allows switching missing passphrase handling from interactive mode (fire callbacks to prompt user for missing key passphrases) to non-interactive mode (throw MissingPassphraseException with all keys with missing passphrase in it). Fixes #193
2025-12-10 22:31:09 +01:00 · 2021-10-18 16:01:19 +02:00 · 2021-10-18 16:01:19 +02:00 · 2ad917d27c
commit 2ad917d27c
parent bebb9709ac
5 changed files with 231 additions and 12 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java
@ -32,6 +32,7 @@ import org.pgpainless.util.Passphrase;
 */
 public class ConsumerOptions {

+
    private boolean ignoreMDCErrors = false;

    private Date verifyNotBefore = null;
@ -47,6 +48,7 @@ public class ConsumerOptions {

    private final Map<PGPSecretKeyRing, SecretKeyRingProtector> decryptionKeys = new HashMap<>();
    private final Set<Passphrase> decryptionPassphrases = new HashSet<>();
+    private MissingKeyPassphraseStrategy missingKeyPassphraseStrategy = MissingKeyPassphraseStrategy.INTERACTIVE;


    /**
@ -289,4 +291,13 @@ public class ConsumerOptions {
    boolean isIgnoreMDCErrors() {
        return ignoreMDCErrors;
    }
+
+    public ConsumerOptions setMissingKeyPassphraseStrategy(MissingKeyPassphraseStrategy strategy) {
+        this.missingKeyPassphraseStrategy = strategy;
+        return this;
+    }
+
+    MissingKeyPassphraseStrategy getMissingKeyPassphraseStrategy() {
+        return missingKeyPassphraseStrategy;
+    }
 }
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
@ -10,6 +10,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@ -47,6 +48,7 @@ import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
 import org.pgpainless.exception.MessageNotIntegrityProtectedException;
 import org.pgpainless.exception.MissingDecryptionMethodException;
 import org.pgpainless.exception.MissingLiteralDataException;
+import org.pgpainless.exception.MissingPassphraseException;
 import org.pgpainless.exception.SignatureValidationException;
 import org.pgpainless.exception.UnacceptableAlgorithmException;
 import org.pgpainless.exception.WrongConsumingMethodException;
@ -67,6 +69,7 @@ import org.slf4j.LoggerFactory;

 public final class DecryptionStreamFactory {

+
    private static final Logger LOGGER = LoggerFactory.getLogger(DecryptionStreamFactory.class);
    private static final int MAX_RECURSION_DEPTH = 16;

@ -382,21 +385,36 @@ public final class DecryptionStreamFactory {

        // Try postponed keys with missing passphrases (will cause missing passphrase callbacks to fire)
        if (encryptedSessionKey == null) {
-            for (Tuple<SubkeyIdentifier, PGPPublicKeyEncryptedData> missingPassphrases : postponedDueToMissingPassphrase) {
-                SubkeyIdentifier keyId = missingPassphrases.getA();
-                PGPPublicKeyEncryptedData publicKeyEncryptedData = missingPassphrases.getB();
-                PGPSecretKeyRing secretKeys = findDecryptionKeyRing(keyId.getKeyId());
-                PGPSecretKey secretKey = secretKeys.getSecretKey(keyId.getSubkeyId());

-                PGPPrivateKey privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, false);
-                if (privateKey == null) {
-                    continue;
+            if (options.getMissingKeyPassphraseStrategy() == MissingKeyPassphraseStrategy.THROW_EXCEPTION) {
+                // Non-interactive mode: Throw an exception with all locked decryption keys
+                Set<SubkeyIdentifier> keyIds = new HashSet<>();
+                for (Tuple<SubkeyIdentifier, ?> k : postponedDueToMissingPassphrase) {
+                    keyIds.add(k.getA());
                }
-
-                decryptionKey = privateKey;
-                encryptedSessionKey = publicKeyEncryptedData;
-                break;
+                throw new MissingPassphraseException(keyIds);
            }
+            else if (options.getMissingKeyPassphraseStrategy() == MissingKeyPassphraseStrategy.INTERACTIVE) {
+                // Interactive mode: Fire protector callbacks to get passphrases interactively
+                for (Tuple<SubkeyIdentifier, PGPPublicKeyEncryptedData> missingPassphrases : postponedDueToMissingPassphrase) {
+                    SubkeyIdentifier keyId = missingPassphrases.getA();
+                    PGPPublicKeyEncryptedData publicKeyEncryptedData = missingPassphrases.getB();
+                    PGPSecretKeyRing secretKeys = findDecryptionKeyRing(keyId.getKeyId());
+                    PGPSecretKey secretKey = secretKeys.getSecretKey(keyId.getSubkeyId());
+
+                    PGPPrivateKey privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, false);
+                    if (privateKey == null) {
+                        continue;
+                    }
+
+                    decryptionKey = privateKey;
+                    encryptedSessionKey = publicKeyEncryptedData;
+                    break;
+                }
+            } else {
+                throw new IllegalStateException("Invalid PostponedKeysStrategy set in consumer options.");
+            }
+
        }

        return decryptWith(encryptedSessionKey, decryptionKey);
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MissingKeyPassphraseStrategy.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MissingKeyPassphraseStrategy.java
@ -0,0 +1,10 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.decryption_verification;
+
+public enum MissingKeyPassphraseStrategy {
+    INTERACTIVE, // ask for missing key passphrases one by one
+    THROW_EXCEPTION // throw an exception with all keys with missing passphrases
+}
--- a/pgpainless-core/src/main/java/org/pgpainless/exception/MissingPassphraseException.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/exception/MissingPassphraseException.java
@ -0,0 +1,26 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.exception;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Set;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.pgpainless.key.SubkeyIdentifier;
+
+public class MissingPassphraseException extends PGPException {
+
+    private final Set<SubkeyIdentifier> keyIds;
+
+    public MissingPassphraseException(Set<SubkeyIdentifier> keyIds) {
+        super("Missing passphrase encountered for keys " + Arrays.toString(keyIds.toArray()));
+        this.keyIds = Collections.unmodifiableSet(keyIds);
+    }
+
+    public Set<SubkeyIdentifier> getKeyIds() {
+        return keyIds;
+    }
+}