sop: Enforce that any secret key argument only contains a single secr…

…et key
pgpainless · Aug 22, 2021 · da86ebb · da86ebb
1 parent 3aabf10
commit da86ebb
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java
@@ -104,8 +104,11 @@ private static String removeTrailingWhitespace(String passphrase) {
     public DecryptImpl withKey(InputStream keyIn) throws SOPGPException.KeyIsProtected, SOPGPException.BadData, SOPGPException.UnsupportedAsymmetricAlgo {
         try {
             PGPSecretKeyRingCollection secretKeys = PGPainless.readKeyRing()
-                    .keyRingCollection(keyIn, true)
-                    .getPGPSecretKeyRingCollection();
+                    .secretKeyRingCollection(keyIn);
+
+            if (secretKeys.size() != 1) {
+                throw new SOPGPException.BadData(new AssertionError("Exactly one single secret key expected. Got " + secretKeys.size()));
+            }
 
             for (PGPSecretKeyRing secretKey : secretKeys) {
                 KeyRingInfo info = new KeyRingInfo(secretKey);

diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/EncryptImpl.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/EncryptImpl.java
@@ -63,6 +63,9 @@ public Encrypt mode(EncryptAs mode) throws SOPGPException.UnsupportedOption {
     public Encrypt signWith(InputStream keyIn) throws SOPGPException.KeyIsProtected, SOPGPException.CertCannotSign, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.BadData {
         try {
             PGPSecretKeyRingCollection keys = PGPainless.readKeyRing().secretKeyRingCollection(keyIn);
+            if (keys.size() != 1) {
+                throw new SOPGPException.BadData(new AssertionError("Exactly one secret key at a time expected. Got " + keys.size()));
+            }
 
             if (signingOptions == null) {
                 signingOptions = SigningOptions.get();

diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/SignImpl.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/SignImpl.java
@@ -24,6 +24,7 @@
 
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.util.io.Streams;
 import org.pgpainless.PGPainless;
@@ -62,7 +63,12 @@ public Sign mode(SignAs mode) {
     @Override
     public Sign key(InputStream keyIn) throws SOPGPException.KeyIsProtected, SOPGPException.BadData, IOException {
         try {
-            PGPSecretKeyRing key = PGPainless.readKeyRing().secretKeyRing(keyIn);
+            PGPSecretKeyRingCollection keys = PGPainless.readKeyRing().secretKeyRingCollection(keyIn);
+            if (keys.size() != 1) {
+                throw new SOPGPException.BadData(new AssertionError("Exactly one secret key at a time expected. Got " + keys.size()));
+            }
+
+            PGPSecretKeyRing key = keys.iterator().next();
             KeyRingInfo info = new KeyRingInfo(key);
             if (!info.isFullyDecrypted()) {
                 throw new SOPGPException.KeyIsProtected();