Throw WrongConsumingMethodException when processing Cleartext Signed Messages with Inband Signature verification API and vice versa

pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java

@@ -58,6 +58,7 @@ import org.pgpainless.exception.MessageNotIntegrityProtectedException;
 import org.pgpainless.exception.MissingDecryptionMethodException;
 import org.pgpainless.exception.MissingLiteralDataException;
 import org.pgpainless.exception.UnacceptableAlgorithmException;
+import org.pgpainless.exception.WrongConsumingMethodException;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.OpenPgpV4Fingerprint;
 import org.pgpainless.key.SubkeyIdentifier;
@@ -121,6 +122,15 @@ public final class DecryptionStreamFactory {
         InputStream decoderStream = PGPUtil.getDecoderStream(bufferedIn);
         decoderStream = CRCingArmoredInputStreamWrapper.possiblyWrap(decoderStream);
 
+        if (decoderStream instanceof ArmoredInputStream) {
+            ArmoredInputStream armor = (ArmoredInputStream) decoderStream;
+
+            if (armor.isClearText()) {
+                throw new WrongConsumingMethodException("Message appears to be using the Cleartext Signature Framework. " +
+                        "Use PGPainless.verifyCleartextSignedMessage() to verify this message instead.");
+            }
+        }
+
         PGPObjectFactory objectFactory = new PGPObjectFactory(
                 decoderStream, keyFingerprintCalculator);
 

pgpainless-core/src/main/java/org/pgpainless/exception/WrongConsumingMethodException.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright 2021 Paul Schaub.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pgpainless.exception;
+
+import org.bouncycastle.openpgp.PGPException;
+
+public class WrongConsumingMethodException extends PGPException {
+
+    public WrongConsumingMethodException(String message) {
+        super(message);
+    }
+}

pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/ClearsignedMessageUtil.java

@@ -25,6 +25,7 @@ import org.bouncycastle.bcpg.ArmoredInputStream;
 import org.bouncycastle.openpgp.PGPObjectFactory;
 import org.bouncycastle.openpgp.PGPSignatureList;
 import org.bouncycastle.util.Strings;
+import org.pgpainless.exception.WrongConsumingMethodException;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.util.ArmoredInputStreamFactory;
 
@@ -49,10 +50,10 @@ public final class ClearsignedMessageUtil {
      */
     public static PGPSignatureList detachSignaturesFromInbandClearsignedMessage(InputStream clearsignedInputStream,
                                                                                 OutputStream messageOutputStream)
-            throws IOException {
+            throws IOException, WrongConsumingMethodException {
         ArmoredInputStream in = ArmoredInputStreamFactory.get(clearsignedInputStream);
         if (!in.isClearText()) {
-            throw new IOException("Message is not clearsigned.");
+            throw new WrongConsumingMethodException("Message is not using the Cleartext Signature Framework.");
         }
 
         OutputStream out = new BufferedOutputStream(messageOutputStream);