PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-12-16 17:21:08 +01:00
Code Issues Releases Wiki Activity

Fix OpenPgpMetadata.isSigned() returning false on signed message due to missing verification cert

Browse source
This commit is contained in:
Paul Schaub 2021-09-28 16:58:45 +02:00
parent dd77d6be74
commit 9e16fc37d7
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
3 changed files with 92 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
View file

@ -56,6 +56,7 @@ import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.exception.MessageNotIntegrityProtectedException;
import org.pgpainless.exception.MissingDecryptionMethodException;
import org.pgpainless.exception.MissingLiteralDataException;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.exception.UnacceptableAlgorithmException;
import org.pgpainless.exception.WrongConsumingMethodException;
import org.pgpainless.implementation.ImplementationFactory;
@ -107,6 +108,8 @@ public final class DecryptionStreamFactory {
long issuerKeyId = SignatureUtils.determineIssuerKeyId(signature);
PGPPublicKeyRing signingKeyRing = findSignatureVerificationKeyRing(issuerKeyId);
if (signingKeyRing == null) {
SignatureValidationException ex = new SignatureValidationException("Missing verification certificate " + Long.toHexString(issuerKeyId));
resultBuilder.addInvalidDetachedSignature(new SignatureVerification(signature, null), ex);
continue;
}
PGPPublicKey signingKey = signingKeyRing.getPublicKey(issuerKeyId);
@ -497,7 +500,8 @@ public final class DecryptionStreamFactory {
// Find public key
PGPPublicKeyRing verificationKeyRing = findSignatureVerificationKeyRing(keyId);
if (verificationKeyRing == null) {
LOGGER.debug("Missing verification key from {}", Long.toHexString(keyId));
SignatureValidationException ex = new SignatureValidationException("Missing verification certificate " + Long.toHexString(keyId));
resultBuilder.addInvalidInbandSignature(new SignatureVerification(null, null), ex);
return;
}
PGPPublicKey verificationKey = verificationKeyRing.getPublicKey(keyId);

3
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/SignatureVerification.java
View file

@ -38,7 +38,7 @@ public class SignatureVerification {
* @param signature PGPSignature object
* @param signingKey identifier of the signing key
*/
public SignatureVerification(PGPSignature signature, @Nullable SubkeyIdentifier signingKey) {
public SignatureVerification(@Nullable PGPSignature signature, @Nullable SubkeyIdentifier signingKey) {
this.signature = signature;
this.signingKey = signingKey;
}
@ -48,6 +48,7 @@ public class SignatureVerification {
*
* @return signature
*/
@Nullable
public PGPSignature getSignature() {
return signature;
}