Add OpenPgpMetadata.isCleartextSigned and use it in sop to determine if message was cleartext signed

2025-09-09 18:29:39 +02:00 · 2022-06-19 17:31:48 +02:00 · 2022-06-19 17:31:48 +02:00 · 75455f1a3c
commit 75455f1a3c
parent 5375cd454f
8 changed files with 88 additions and 54 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
@ -155,6 +155,7 @@ public final class DecryptionStreamFactory {
        if (openPgpIn.isAsciiArmored()) {
            ArmoredInputStream armoredInputStream = ArmoredInputStreamFactory.get(openPgpIn);
            if (armoredInputStream.isClearText()) {
+                resultBuilder.setCleartextSigned();
                return parseCleartextSignedMessage(armoredInputStream);
            } else {
                outerDecodingStream = armoredInputStream;
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpMetadata.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpMetadata.java
@ -40,6 +40,7 @@ public class OpenPgpMetadata {
    private final String fileName;
    private final Date modificationDate;
    private final StreamEncoding fileEncoding;
+    private final boolean cleartextSigned;

    public OpenPgpMetadata(Set<Long> recipientKeyIds,
                           SubkeyIdentifier decryptionKey,
@ -51,7 +52,8 @@ public class OpenPgpMetadata {
                           List<SignatureVerification.Failure> invalidDetachedSignatures,
                           String fileName,
                           Date modificationDate,
-                           StreamEncoding fileEncoding) {
+                           StreamEncoding fileEncoding,
+                           boolean cleartextSigned) {

        this.recipientKeyIds = Collections.unmodifiableSet(recipientKeyIds);
        this.decryptionKey = decryptionKey;
@ -64,6 +66,7 @@ public class OpenPgpMetadata {
        this.fileName = fileName;
        this.modificationDate = modificationDate;
        this.fileEncoding = fileEncoding;
+        this.cleartextSigned = cleartextSigned;
    }

    /**
@ -269,6 +272,15 @@ public class OpenPgpMetadata {
        return fileEncoding;
    }

+    /**
+     * Return true if the message was signed using the cleartext signature framework.
+     *
+     * @return true if cleartext signed.
+     */
+    public boolean isCleartextSigned() {
+        return cleartextSigned;
+    }
+
    public static Builder getBuilder() {
        return new Builder();
    }
@ -282,6 +294,7 @@ public class OpenPgpMetadata {
        private String fileName;
        private StreamEncoding fileEncoding;
        private Date modificationDate;
+        private boolean cleartextSigned = false;

        private final List<SignatureVerification> verifiedInbandSignatures = new ArrayList<>();
        private final List<SignatureVerification> verifiedDetachedSignatures = new ArrayList<>();
@ -324,29 +337,38 @@ public class OpenPgpMetadata {
            return this;
        }

+        public Builder addVerifiedInbandSignature(SignatureVerification signatureVerification) {
+            this.verifiedInbandSignatures.add(signatureVerification);
+            return this;
+        }
+
+        public Builder addVerifiedDetachedSignature(SignatureVerification signatureVerification) {
+            this.verifiedDetachedSignatures.add(signatureVerification);
+            return this;
+        }
+
+        public Builder addInvalidInbandSignature(SignatureVerification signatureVerification, SignatureValidationException e) {
+            this.invalidInbandSignatures.add(new SignatureVerification.Failure(signatureVerification, e));
+            return this;
+        }
+
+        public Builder addInvalidDetachedSignature(SignatureVerification signatureVerification, SignatureValidationException e) {
+            this.invalidDetachedSignatures.add(new SignatureVerification.Failure(signatureVerification, e));
+            return this;
+        }
+
+        public Builder setCleartextSigned() {
+            this.cleartextSigned = true;
+            return this;
+        }
+
        public OpenPgpMetadata build() {
            return new OpenPgpMetadata(
                    recipientFingerprints, decryptionKey,
                    sessionKey, compressionAlgorithm,
                    verifiedInbandSignatures, invalidInbandSignatures,
                    verifiedDetachedSignatures, invalidDetachedSignatures,
-                    fileName, modificationDate, fileEncoding);
-        }
-
-        public void addVerifiedInbandSignature(SignatureVerification signatureVerification) {
-            this.verifiedInbandSignatures.add(signatureVerification);
-        }
-
-        public void addVerifiedDetachedSignature(SignatureVerification signatureVerification) {
-            this.verifiedDetachedSignatures.add(signatureVerification);
-        }
-
-        public void addInvalidInbandSignature(SignatureVerification signatureVerification, SignatureValidationException e) {
-            this.invalidInbandSignatures.add(new SignatureVerification.Failure(signatureVerification, e));
-        }
-
-        public void addInvalidDetachedSignature(SignatureVerification signatureVerification, SignatureValidationException e) {
-            this.invalidDetachedSignatures.add(new SignatureVerification.Failure(signatureVerification, e));
+                    fileName, modificationDate, fileEncoding, cleartextSigned);
        }
    }
 }
--- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CleartextSignatureVerificationTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CleartextSignatureVerificationTest.java
@ -94,6 +94,7 @@ public class CleartextSignatureVerificationTest {

        OpenPgpMetadata result = decryptionStream.getResult();
        assertTrue(result.isVerified());
+        assertTrue(result.isCleartextSigned());

        PGPSignature signature = result.getVerifiedSignatures().values().iterator().next();

--- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptAndVerifyMessageTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptAndVerifyMessageTest.java
@ -6,6 +6,7 @@ package org.pgpainless.decryption_verification;

 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;

 import java.io.ByteArrayInputStream;
@ -68,6 +69,7 @@ public class DecryptAndVerifyMessageTest {

        assertTrue(metadata.isEncrypted());
        assertTrue(metadata.isSigned());
+        assertFalse(metadata.isCleartextSigned());
        assertTrue(metadata.isVerified());
        assertEquals(CompressionAlgorithm.ZLIB, metadata.getCompressionAlgorithm());
        assertEquals(SymmetricKeyAlgorithm.AES_256, metadata.getSymmetricKeyAlgorithm());
--- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/SignedMessageVerificationWithoutCertIsStillSigned.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/SignedMessageVerificationWithoutCertIsStillSigned.java
@ -41,6 +41,7 @@ public class SignedMessageVerificationWithoutCertIsStillSigned {

        OpenPgpMetadata metadata = verificationStream.getResult();

+        assertFalse(metadata.isCleartextSigned());
        assertTrue(metadata.isSigned(), "Message is signed, even though we miss the verification cert.");
        assertFalse(metadata.isVerified(), "Message is not verified because we lack the verification cert.");
    }