From 4ccd89b14898dc1329787f4e5b374008439ddbca Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Wed, 22 Nov 2023 17:11:24 +0100 Subject: [PATCH 1/8] decrypt --verify-with: Do not expect exit 3 when verifications is empty --- .../sop/cli/picocli/commands/DecryptCmdTest.java | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java index e3dd198..edfd052 100644 --- a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java +++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java @@ -21,6 +21,7 @@ import sop.operation.Decrypt; import sop.util.HexUtil; import sop.util.UTCUtil; +import javax.annotation.Nonnull; import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.File; @@ -247,15 +248,17 @@ public class DecryptCmdTest { } @Test - @ExpectSystemExitWithStatus(SOPGPException.NoSignature.EXIT_CODE) - public void assertNoSignatureExceptionCausesExit3() throws SOPGPException.CannotDecrypt, SOPGPException.MissingArg, SOPGPException.BadData, IOException { + public void assertNoVerificationsIsOkay() throws SOPGPException.CannotDecrypt, SOPGPException.MissingArg, SOPGPException.BadData, IOException { + File tempFile = File.createTempFile("verify-with-", ".tmp"); + File verifyOut = new File(tempFile.getParent(), "verifications.out"); + verifyOut.deleteOnExit(); when(decrypt.ciphertext((InputStream) any())).thenReturn(new ReadyWithResult() { @Override - public DecryptionResult writeTo(OutputStream outputStream) throws SOPGPException.NoSignature { - throw new SOPGPException.NoSignature(); + public DecryptionResult writeTo(@Nonnull OutputStream outputStream) throws SOPGPException.NoSignature { + return new DecryptionResult(null, Collections.emptyList()); } }); - SopCLI.main(new String[] {"decrypt"}); + SopCLI.main(new String[] {"decrypt", "--verify-with", tempFile.getAbsolutePath(), "--verifications-out", verifyOut.getAbsolutePath()}); } @Test From 0c26a95670a37638cf1042f538843e359db7a080 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Wed, 22 Nov 2023 17:18:10 +0100 Subject: [PATCH 2/8] decrypt --verify-with: Do not throw NoSignature if verifications is empty --- .../src/main/java/sop/cli/picocli/commands/DecryptCmd.java | 5 ----- 1 file changed, 5 deletions(-) diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java index a681b4d..a870931 100644 --- a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java +++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java @@ -115,11 +115,6 @@ public class DecryptCmd extends AbstractSopCmd { private void writeVerifyOut(DecryptionResult result) throws IOException { if (verifyOut != null) { - if (result.getVerifications().isEmpty()) { - String errorMsg = getMsg("sop.error.runtime.no_verifiable_signature_found"); - throw new SOPGPException.NoSignature(errorMsg); - } - try (OutputStream fileOut = getOutput(verifyOut)) { PrintWriter writer = new PrintWriter(fileOut); for (Verification verification : result.getVerifications()) { From 4e3f0d3a5c24ccdb3c76f73982fb5d1bd32dba0f Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Wed, 22 Nov 2023 18:12:00 +0100 Subject: [PATCH 3/8] SOP-Java 7.0.1 --- CHANGELOG.md | 3 +++ version.gradle | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ca12a2..2476bff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ SPDX-License-Identifier: Apache-2.0 # Changelog +## 7.0.1 +- `decrypt`: Do not throw `NoSignature` exception (exit code 3) if `--verify-with` is provided, but `VERIFICATIONS` is empty. + ## 7.0.0 - Update implementation to [SOP Specification revision 07](https://www.ietf.org/archive/id/draft-dkg-openpgp-stateless-cli-07.html). - Add support for new `revoke-key` subcommand diff --git a/version.gradle b/version.gradle index d8ddfd6..534deff 100644 --- a/version.gradle +++ b/version.gradle @@ -5,7 +5,7 @@ allprojects { ext { shortVersion = '7.0.1' - isSnapshot = true + isSnapshot = false minAndroidSdk = 10 javaSourceCompatibility = 1.8 gsonVersion = '2.10.1' From 5ea94233d89901131e713b59a19f827bd6f186df Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Wed, 22 Nov 2023 18:16:49 +0100 Subject: [PATCH 4/8] SOP-Java 7.0.2-SNAPSHOT --- version.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.gradle b/version.gradle index 534deff..144aa47 100644 --- a/version.gradle +++ b/version.gradle @@ -4,8 +4,8 @@ allprojects { ext { - shortVersion = '7.0.1' - isSnapshot = false + shortVersion = '7.0.2' + isSnapshot = true minAndroidSdk = 10 javaSourceCompatibility = 1.8 gsonVersion = '2.10.1' From 00925e6511d5364200736def373f0a5e4e8580b7 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 31 Oct 2024 13:21:52 +0100 Subject: [PATCH 5/8] Fix indirect parameter passing for change-key-password password arguments Fixes https://github.com/pgpainless/pgpainless/issues/453 Thanks to @dkg for the report --- CHANGELOG.md | 3 +++ .../picocli/commands/ChangeKeyPasswordCmd.java | 18 ++++++++++-------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2476bff..499090a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ SPDX-License-Identifier: Apache-2.0 # Changelog +## 7.0.2-SNAPSHOT +- CLI `change-key-password`: Fix indirect parameter passing for new and old passwords (thanks to @dkg for the report) + ## 7.0.1 - `decrypt`: Do not throw `NoSignature` exception (exit code 3) if `--verify-with` is provided, but `VERIFICATIONS` is empty. diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ChangeKeyPasswordCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ChangeKeyPasswordCmd.java index 5a6aa2a..0e12ef8 100644 --- a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ChangeKeyPasswordCmd.java +++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ChangeKeyPasswordCmd.java @@ -39,15 +39,17 @@ public class ChangeKeyPasswordCmd extends AbstractSopCmd { changeKeyPassword.noArmor(); } - for (String oldKeyPassword : oldKeyPasswords) { - changeKeyPassword.oldKeyPassphrase(oldKeyPassword); - } - - if (newKeyPassword != null) { - changeKeyPassword.newKeyPassphrase(newKeyPassword); - } - try { + for (String oldKeyPassword : oldKeyPasswords) { + String password = stringFromInputStream(getInput(oldKeyPassword)); + changeKeyPassword.oldKeyPassphrase(password); + } + + if (newKeyPassword != null) { + String password = stringFromInputStream(getInput(newKeyPassword)); + changeKeyPassword.newKeyPassphrase(password); + } + changeKeyPassword.keys(System.in).writeTo(System.out); } catch (IOException e) { throw new RuntimeException(e); From 84abace9afca4e7c70c61e4102c4021d006c4d11 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 31 Oct 2024 13:25:04 +0100 Subject: [PATCH 6/8] Backport: revoke-key command: Allow for multiple '--with-key-password' options --- .../java/sop/cli/picocli/commands/RevokeKeyCmd.java | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/RevokeKeyCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/RevokeKeyCmd.java index 45f22fa..3c2e45b 100644 --- a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/RevokeKeyCmd.java +++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/RevokeKeyCmd.java @@ -11,6 +11,8 @@ import sop.exception.SOPGPException; import sop.operation.RevokeKey; import java.io.IOException; +import java.util.ArrayList; +import java.util.List; @CommandLine.Command(name = "revoke-key", resourceBundle = "msg_revoke-key", @@ -23,7 +25,7 @@ public class RevokeKeyCmd extends AbstractSopCmd { @CommandLine.Option(names = "--with-key-password", paramLabel = "PASSWORD") - String withKeyPassword; + List withKeyPassword = new ArrayList<>(); @Override public void run() { @@ -36,8 +38,10 @@ public class RevokeKeyCmd extends AbstractSopCmd { if (withKeyPassword != null) { try { - String password = stringFromInputStream(getInput(withKeyPassword)); - revokeKey.withKeyPassword(password); + for (String passwordFile : withKeyPassword) { + String password = stringFromInputStream(getInput(passwordFile)); + revokeKey.withKeyPassword(password); + } } catch (SOPGPException.UnsupportedOption e) { String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--with-key-password"); throw new SOPGPException.UnsupportedOption(errorMsg, e); From bb2728f013aa8514cef3d6cbb029dea9b00ccf02 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 31 Oct 2024 13:30:00 +0100 Subject: [PATCH 7/8] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 499090a..94f2f1e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ SPDX-License-Identifier: Apache-2.0 ## 7.0.2-SNAPSHOT - CLI `change-key-password`: Fix indirect parameter passing for new and old passwords (thanks to @dkg for the report) +- Backport: revoke-key command: Allow for multiple '--with-key-password' options ## 7.0.1 - `decrypt`: Do not throw `NoSignature` exception (exit code 3) if `--verify-with` is provided, but `VERIFICATIONS` is empty. From e3b258ee4c7d86b5424b3c5ca489f45886e6ce14 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 31 Oct 2024 13:31:10 +0100 Subject: [PATCH 8/8] SOP-Java 7.0.2 --- version.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.gradle b/version.gradle index 144aa47..8e50153 100644 --- a/version.gradle +++ b/version.gradle @@ -5,7 +5,7 @@ allprojects { ext { shortVersion = '7.0.2' - isSnapshot = true + isSnapshot = false minAndroidSdk = 10 javaSourceCompatibility = 1.8 gsonVersion = '2.10.1'