From 6902dbec2ff4d6bd458f4d29014942447c341ad2 Mon Sep 17 00:00:00 2001
From: TharmiganK <ktharmi176@gmail.com>
Date: Wed, 9 Oct 2024 14:51:35 +0530
Subject: [PATCH] Address sonar cloud issues

---
 .../stdlib/crypto/PgpDecryptionGenerator.java | 48 ++++++-------------
 1 file changed, 15 insertions(+), 33 deletions(-)

diff --git a/native/src/main/java/io/ballerina/stdlib/crypto/PgpDecryptionGenerator.java b/native/src/main/java/io/ballerina/stdlib/crypto/PgpDecryptionGenerator.java
index ee72713a..e622738c 100644
--- a/native/src/main/java/io/ballerina/stdlib/crypto/PgpDecryptionGenerator.java
+++ b/native/src/main/java/io/ballerina/stdlib/crypto/PgpDecryptionGenerator.java
@@ -91,6 +91,11 @@ private Optional<PGPPrivateKey> findSecretKey(long keyID) throws PGPException {
 
     private void decryptStream(InputStream encryptedIn, OutputStream clearOut)
             throws PGPException, IOException {
+        KeyEncryptedResult keyEncryptedResult = getKeyEncryptedResult(encryptedIn);
+        decrypt(clearOut, keyEncryptedResult.pgpPrivateKey(), keyEncryptedResult.publicKeyEncryptedData());
+    }
+
+    private KeyEncryptedResult getKeyEncryptedResult(InputStream encryptedIn) throws IOException, PGPException {
         // Remove armour and return the underlying binary encrypted stream
         encryptedIn = PGPUtil.getDecoderStream(encryptedIn);
         JcaPGPObjectFactory pgpObjectFactory = new JcaPGPObjectFactory(encryptedIn);
@@ -116,36 +121,15 @@ private void decryptStream(InputStream encryptedIn, OutputStream clearOut)
         if (pgpPrivateKey.isEmpty()) {
             throw new PGPException("Could not Extract private key");
         }
-        decrypt(clearOut, pgpPrivateKey.get(), publicKeyEncryptedData);
+        return new KeyEncryptedResult(pgpPrivateKey.get(), publicKeyEncryptedData);
     }
 
-    public void decryptStream(InputStream encryptedIn, BObject iteratorObj) throws PGPException, IOException {
-        // Remove armour and return the underlying binary encrypted stream
-        encryptedIn = PGPUtil.getDecoderStream(encryptedIn);
-        JcaPGPObjectFactory pgpObjectFactory = new JcaPGPObjectFactory(encryptedIn);
-
-        Object obj = pgpObjectFactory.nextObject();
-        // Verify the marker packet
-        PGPEncryptedDataList pgpEncryptedDataList = (obj instanceof PGPEncryptedDataList)
-                ? (PGPEncryptedDataList) obj : (PGPEncryptedDataList) pgpObjectFactory.nextObject();
-
-        Optional<PGPPrivateKey> pgpPrivateKey = Optional.empty();
-        PGPPublicKeyEncryptedData publicKeyEncryptedData = null;
-
-        Iterator<PGPEncryptedData> encryptedDataItr = pgpEncryptedDataList.getEncryptedDataObjects();
-        while (pgpPrivateKey.isEmpty() && encryptedDataItr.hasNext()) {
-            publicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedDataItr.next();
-            pgpPrivateKey = findSecretKey(publicKeyEncryptedData.getKeyID());
-        }
-
-        if (Objects.isNull(publicKeyEncryptedData)) {
-            throw new PGPException("Could not generate PGPPublicKeyEncryptedData object");
-        }
+    private record KeyEncryptedResult(PGPPrivateKey pgpPrivateKey, PGPPublicKeyEncryptedData publicKeyEncryptedData) {
+    }
 
-        if (pgpPrivateKey.isEmpty()) {
-            throw new PGPException("Could not Extract private key");
-        }
-        decrypt(pgpPrivateKey.get(), publicKeyEncryptedData, iteratorObj);
+    public void decryptStream(InputStream encryptedIn, BObject iteratorObj) throws PGPException, IOException {
+        KeyEncryptedResult keyEncryptedResult = getKeyEncryptedResult(encryptedIn);
+        decrypt(keyEncryptedResult.pgpPrivateKey, keyEncryptedResult.publicKeyEncryptedData, iteratorObj);
     }
 
     // Decrypts the given byte array of encrypted data using PGP decryption.
@@ -187,11 +171,10 @@ private static void decrypt(OutputStream clearOut, PGPPrivateKey pgpPrivateKey,
             }
         }
         // Perform the integrity check
-        if (publicKeyEncryptedData.isIntegrityProtected()) {
-            if (!publicKeyEncryptedData.verify()) {
+        if (publicKeyEncryptedData.isIntegrityProtected() && !publicKeyEncryptedData.verify()) {
                 throw new PGPException("Message failed integrity check");
             }
-        }
+
     }
 
     private static void decrypt(PGPPrivateKey pgpPrivateKey, PGPPublicKeyEncryptedData publicKeyEncryptedData,
@@ -209,11 +192,10 @@ private static void decrypt(PGPPrivateKey pgpPrivateKey, PGPPublicKeyEncryptedDa
 
         if (message instanceof PGPLiteralData pgpLiteralData) {
             // Perform the integrity check
-            if (publicKeyEncryptedData.isIntegrityProtected()) {
-                if (!publicKeyEncryptedData.verify()) {
+            if (publicKeyEncryptedData.isIntegrityProtected() && !publicKeyEncryptedData.verify()) {
                     throw new PGPException("Message failed integrity check");
                 }
-            }
+
             iteratorObj.addNativeData(TARGET_STREAM, pgpLiteralData.getDataStream());
             iteratorObj.addNativeData(COMPRESSED_DATA_STREAM, compressedDataStream);
             iteratorObj.addNativeData(DATA_STREAM, decryptedCompressedIn);