From 704ccdc096e4f5cf2670c5c58eaf19fe1fdf4df3 Mon Sep 17 00:00:00 2001
From: Thomas Wolf <thomas.wolf@paranor.ch>
Date: Mon, 22 Feb 2021 09:29:12 +0100
Subject: GPG: fix reading unprotected old-format secret keys

Fix code and add a test case. The old code passed on the original input
stream, which has already been consumed.

Bug: 570501
Change-Id: I81f60698ce42443df57e59b1d1ab155574136fa8
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
---
 .../org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit')

diff --git a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java
index 1542b8cbcc..269a1ba0f6 100644
--- a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java
+++ b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java
@@ -113,13 +113,13 @@ public final class SecretKeys {
 		try {
 			if (firstChar == '(') {
 				// Binary format.
-				if (!matches(data, 4, PROTECTED_KEY)) {
-					// Not encrypted binary format.
-					return parser.parseSecretKey(in, null, publicKey);
+				PBEProtectionRemoverFactory decryptor = null;
+				if (matches(data, 4, PROTECTED_KEY)) {
+					// AES/CBC encrypted.
+					decryptor = new JcePBEProtectionRemoverFactory(
+							passphraseSupplier.getPassphrase(),
+							calculatorProvider);
 				}
-				// AES/CBC encrypted.
-				PBEProtectionRemoverFactory decryptor = new JcePBEProtectionRemoverFactory(
-						passphraseSupplier.getPassphrase(), calculatorProvider);
 				try (InputStream sIn = new ByteArrayInputStream(data)) {
 					return parser.parseSecretKey(sIn, decryptor, publicKey);
 				}
-- 
cgit v1.2.3