fix(crypto-pgpainless): refactor key extraction to correctly encrypt messages

msfjarvis · msfjarvis · commit 0b4ba25cf14a · 2022-07-13T20:59:33.000+05:30
diff --git a/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt b/crypto-pgpainless/src/main/kotlin/dev/msfjarvis/aps/crypto/PGPainlessCryptoHandler.kt
@@ -16,6 +16,7 @@ import java.io.ByteArrayInputStream
 import java.io.InputStream
 import java.io.OutputStream
 import javax.inject.Inject
+import org.bouncycastle.openpgp.PGPPublicKeyRing
 import org.bouncycastle.openpgp.PGPSecretKeyRingCollection
 import org.pgpainless.PGPainless
 import org.pgpainless.decryption_verification.ConsumerOptions
@@ -66,19 +67,22 @@ public class PGPainlessCryptoHandler @Inject constructor() : CryptoHandler<PGPKe
     runCatching {
         if (keys.isEmpty()) throw NoKeysProvided("No keys provided for encryption")
         val armoredKeys = keys.map { key -> key.contents.decodeToString() }
-        val pubKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray())
-        val publicKeyRingCollection =
-          pubKeysStream.use { PGPainless.readKeyRing().publicKeyRingCollection(pubKeysStream) }
-        val encryptionOptions =
-          EncryptionOptions.encryptCommunications()
-            .addRecipients(publicKeyRingCollection.asIterable())
-        val producerOptions = ProducerOptions.encrypt(encryptionOptions).setAsciiArmor(true)
+        val secKeysStream = ByteArrayInputStream(armoredKeys.joinToString("\n").toByteArray())
+        val secretKeyRingCollection =
+          PGPainless.readKeyRing().secretKeyRingCollection(secKeysStream)
+        val publicKeyRings = arrayListOf<PGPPublicKeyRing>()
+        secretKeyRingCollection.forEach { secretKeyRing ->
+          publicKeyRings.add(PGPainless.extractCertificate(secretKeyRing))
+        }
+        require(publicKeyRings.isNotEmpty()) { "No public keys to encrypt message to" }
+        val encryptionOptions = EncryptionOptions().addRecipients(publicKeyRings.asIterable())
+        val producerOptions = ProducerOptions.encrypt(encryptionOptions).setAsciiArmor(false)
         val encryptor =
           PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(producerOptions)
         plaintextStream.copyTo(encryptor)
         encryptor.close()
         val result = encryptor.result
-        publicKeyRingCollection.keyRings.forEach { keyRing ->
+        publicKeyRings.forEach { keyRing ->
           require(result.isEncryptedFor(keyRing)) {
             "Stream should be encrypted for ${keyRing.publicKey.keyID} but wasn't"
           }
