Support listing entries without password

thekid · thekid · commit 9074d86c89c7 · 2025-11-23T12:22:10.000+02:00
diff --git a/src/main/php/io/archive/zip/AbstractZipReaderImpl.class.php b/src/main/php/io/archive/zip/AbstractZipReaderImpl.class.php
@@ -223,53 +223,55 @@ public function currentEntry() {
 
         // AES vs. traditional PKZIP cipher
         if (99 === $header['compression']) {
-          if (null === $this->password) {
-            throw new IllegalAccessException('No password set');
-          }
-
+          $stream= new ZipFileInputStream($this, $this->position, $header['compressed']);
           $aes= unpack('vheader/vsize/vversion/a2vendor/cstrength/vcompression', $extra);
-          switch ($aes['strength']) {
-            case 1: $sl= 8; $dl= 16; break;
-            case 2: $sl= 12; $dl= 24; break;
-            case 3: $sl= 16; $dl= 32; break;
-            default: throw new IllegalArgumentException('Invalid AES strength '.$aes['strength']);
-          }
+          $header['compression']= $aes['compression'];
+          $is= function() use($header, $stream, $aes) {
+            if (null === $this->password) {
+              throw new IllegalAccessException('No password set');
+            }
 
-          // Verify password
-          $salt= $this->streamRead($sl);
-          $pvv= $this->streamRead(2);
-          $dk= hash_pbkdf2('sha1', $this->password->reveal(), $salt, 1000, 2 * $dl + 2, true);
-          if (0 !== substr_compare($dk, $pvv, 2 * $dl, 2)) {
-            throw new IllegalAccessException('The password did not match');
-          }
+            switch ($aes['strength']) {
+              case 1: $sl= 8; $dl= 16; break;
+              case 2: $sl= 12; $dl= 24; break;
+              case 3: $sl= 16; $dl= 32; break;
+              default: throw new IllegalArgumentException('Invalid AES strength '.$aes['strength']);
+            }
 
-          $this->skip-= $sl + 2;
-          $header['compression']= $aes['compression'];
-          $is= new AESInputStream(
-            new ZipFileInputStream($this, $this->position, $header['compressed'] - $sl - 2),
-            substr($dk, 0, $dl),
-            substr($dk, $dl, $dl)
-          );
+            // Verify password
+            $salt= $stream->read($sl);
+            $pvv= $stream->read(2);
+            $dk= hash_pbkdf2('sha1', $this->password->reveal(), $salt, 1000, 2 * $dl + 2, true);
+            if (0 !== substr_compare($dk, $pvv, 2 * $dl, 2)) {
+              throw new IllegalAccessException('The password did not match');
+            }
+
+            return new AESInputStream(
+              $stream,
+              substr($dk, 0, $dl),
+              substr($dk, $dl, $dl)
+            );
+          };
         } else if ($header['flags'] & 1) {
-          if (null === $this->password) {
-            throw new IllegalAccessException('No password set');
-          }
+          $stream= new ZipFileInputStream($this, $this->position, $header['compressed']);
+          $is= function() use($header, $stream) {
+            if (null === $this->password) {
+              throw new IllegalAccessException('No password set');
+            }
 
-          // Verify password
-          $cipher= new ZipCipher();
-          $cipher->initialize(iconv(\xp::ENCODING, 'cp437', $this->password->reveal()));
-          $preamble= $cipher->decipher($this->streamRead(12));
-          if (ord($preamble[11]) !== (($header['crc'] >> 24) & 0xff)) {
-            throw new IllegalAccessException('The password did not match');
-          }
-          
-          $this->skip-= 12;
-          $is= new DecipheringInputStream(
-            new ZipFileInputStream($this, $this->position, $header['compressed'] - 12),
-            $cipher
-          );
+            // Verify password
+            $cipher= new ZipCipher();
+            $cipher->initialize(iconv(\xp::ENCODING, 'cp437', $this->password->reveal()));
+            $preamble= $cipher->decipher($stream->read(12));
+            if (ord($preamble[11]) !== (($header['crc'] >> 24) & 0xff)) {
+              throw new IllegalAccessException('The password did not match');
+            }
+
+            return new DecipheringInputStream($stream, $cipher);
+          };
         } else {
-          $is= new ZipFileInputStream($this, $this->position, $header['compressed']);
+          $stream= new ZipFileInputStream($this, $this->position, $header['compressed']);
+          $is= function() use($stream) { return $stream; };
         }
         
         // Create ZipEntry object and return it
diff --git a/src/main/php/io/archive/zip/ZipFileEntry.class.php b/src/main/php/io/archive/zip/ZipFileEntry.class.php
@@ -117,7 +117,7 @@ public function isDirectory() {
    * @return  io.streams.InputStream
    */
   public function in() {
-    return $this->compression[0]->getDecompressionStream($this->is);
+    return $this->compression[0]->getDecompressionStream(($this->is)());
   }
 
   /**
diff --git a/src/test/php/io/archive/zip/unittest/vendors/SevenZipFileTest.class.php b/src/test/php/io/archive/zip/unittest/vendors/SevenZipFileTest.class.php
@@ -60,27 +60,45 @@ public function ppmd() {
 
   #[Test, Expect(IllegalAccessException::class), Values(['zip-crypto', 'aes-128', 'aes-192', 'aes-256'])]
   public function missing_password($fixture) {
-    $this->archiveReaderFor($this->vendor(), $fixture)->iterator()->next();
+    $this->archiveReaderFor($this->vendor(), $fixture)
+      ->iterator()
+      ->next()
+      ->in()
+    ;
   }
 
   #[Test, Expect(IllegalAccessException::class), Values(['zip-crypto', 'aes-128', 'aes-192', 'aes-256'])]
   public function incorrect_password($fixture) {
-    $this->archiveReaderFor($this->vendor(), $fixture)->usingPassword('wrong')->iterator()->next();
+    $this->archiveReaderFor($this->vendor(), $fixture)
+      ->usingPassword('wrong')
+      ->iterator()
+      ->next()
+      ->in()
+    ;
   }
 
   #[Test, Values(['zip-crypto', 'aes-128', 'aes-192', 'aes-256'])]
-  public function password_protected($fixture) {
+  public function password_not_needed_for_listing($fixture) {
     $reader= $this->archiveReaderFor($this->vendor(), $fixture);
-    with ($it= $reader->usingPassword('secret')->iterator()); {
-      $entry= $it->next();
-      Assert::equals('password.txt', $entry->getName());
-      Assert::equals(15, $entry->getSize());
-      Assert::equals('Secret contents', (string)Streams::readAll($entry->in()));
+    $sizes= [];
+    foreach ($reader->entries() as $entry) {
+      $sizes[$entry->getName()]= $entry->getSize();
+    }
+
+    Assert::equals(['password.txt' => 15, 'very.txt' => 20], $sizes);
+  }
 
-      $entry= $it->next();
-      Assert::equals('very.txt', $entry->getName());
-      Assert::equals(20, $entry->getSize());
-      Assert::equals('Very secret contents', (string)Streams::readAll($entry->in()));
+  #[Test, Values(['zip-crypto', 'aes-128', 'aes-192', 'aes-256'])]
+  public function password_protected($fixture) {
+    $reader= $this->archiveReaderFor($this->vendor(), $fixture)->usingPassword('secret');
+    $contents= [];
+    foreach ($reader->entries() as $entry) {
+      $contents[$entry->getName()]= Streams::readAll($entry->in());
     }
+
+    Assert::equals(
+      ['password.txt' => 'Secret contents', 'very.txt' => 'Very secret contents'],
+      $contents
+    );
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ public function isDirectory() {`
`117`	`117`	`* @return io.streams.InputStream`
`118`	`118`	`*/`
`119`	`119`	`public function in() {`
`120`		`- return $this->compression[0]->getDecompressionStream($this->is);`
	`120`	`+ return $this->compression[0]->getDecompressionStream(($this->is)());`
`121`	`121`	`}`
`122`	`122`
`123`	`123`	`/**`