diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java b/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java index aa86abdd..0c749815 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java @@ -15,6 +15,8 @@ */ package org.pgpainless.signature.cleartext_signatures; +import static org.pgpainless.signature.SignatureValidator.signatureWasCreatedInBounds; + import java.io.File; import java.io.IOException; import java.io.InputStream; @@ -28,10 +30,10 @@ import org.bouncycastle.bcpg.ArmoredInputStream; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignatureList; import org.pgpainless.PGPainless; +import org.pgpainless.decryption_verification.ConsumerOptions; import org.pgpainless.exception.SignatureValidationException; import org.pgpainless.signature.CertificateValidator; import org.pgpainless.signature.SignatureVerifier; @@ -45,11 +47,11 @@ public class CleartextSignatureProcessor { private static final Logger LOGGER = Logger.getLogger(CleartextSignatureProcessor.class.getName()); private final ArmoredInputStream in; - private final PGPPublicKeyRingCollection verificationKeys; + private final ConsumerOptions options; private final MultiPassStrategy multiPassStrategy; public CleartextSignatureProcessor(InputStream inputStream, - PGPPublicKeyRingCollection verificationKeys, + ConsumerOptions options, MultiPassStrategy multiPassStrategy) throws IOException { if (inputStream instanceof ArmoredInputStream) { @@ -57,7 +59,7 @@ public class CleartextSignatureProcessor { } else { this.in = ArmoredInputStreamFactory.get(inputStream); } - this.verificationKeys = verificationKeys; + this.options = options; this.multiPassStrategy = multiPassStrategy; } @@ -81,7 +83,7 @@ public class CleartextSignatureProcessor { for (PGPSignature signature : signatures) { PGPPublicKeyRing certificate = null; PGPPublicKey signingKey = null; - for (PGPPublicKeyRing cert : verificationKeys) { + for (PGPPublicKeyRing cert : options.getCertificates()) { signingKey = cert.getPublicKey(signature.getKeyID()); if (signingKey != null) { certificate = cert; @@ -94,6 +96,7 @@ public class CleartextSignatureProcessor { } try { + signatureWasCreatedInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(signature); SignatureVerifier.initializeSignatureAndUpdateWithSignedData(signature, multiPassStrategy.getMessageInputStream(), signingKey); CertificateValidator.validateCertificateAndVerifyInitializedSignature(signature, certificate, PGPainless.getPolicy()); return signature; diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignatures.java b/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignatures.java index f214a689..43d391dd 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignatures.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignatures.java @@ -22,6 +22,7 @@ import java.io.InputStream; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; +import org.pgpainless.decryption_verification.ConsumerOptions; /** * Interface defining the API for verification of cleartext signed documents. @@ -53,6 +54,15 @@ public interface VerifyCleartextSignatures { interface VerifyWith { + /** + * Pass in consumer options like verification certificates, acceptable date ranges etc. + * + * @param options options + * @return processor + * @throws IOException in case of an IO error + */ + CleartextSignatureProcessor withOptions(ConsumerOptions options) throws IOException; + /** * Pass in the verification key ring. * @@ -60,7 +70,10 @@ public interface VerifyCleartextSignatures { * @return processor * @throws PGPException if the keys cannot be converted to a {@link PGPPublicKeyRingCollection}. * @throws IOException if the keys cannot be parsed properly + * + * @deprecated use {@link #withOptions(ConsumerOptions)} instead. */ + @Deprecated CleartextSignatureProcessor verifyWith(PGPPublicKeyRing publicKey) throws PGPException, IOException; /** @@ -69,7 +82,10 @@ public interface VerifyCleartextSignatures { * @param publicKeys verification keys * @return processor * @throws IOException if the keys cannot be parsed properly + * + * @deprecated use {@link #withOptions(ConsumerOptions)} instead. */ + @Deprecated CleartextSignatureProcessor verifyWith(PGPPublicKeyRingCollection publicKeys) throws IOException; } diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignaturesImpl.java b/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignaturesImpl.java index 0b2af101..73493023 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignaturesImpl.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignaturesImpl.java @@ -17,17 +17,15 @@ package org.pgpainless.signature.cleartext_signatures; import java.io.IOException; import java.io.InputStream; -import java.util.Collections; -import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; +import org.pgpainless.decryption_verification.ConsumerOptions; public class VerifyCleartextSignaturesImpl implements VerifyCleartextSignatures { private InputStream inputStream; private MultiPassStrategy multiPassStrategy; - private PGPPublicKeyRingCollection verificationKeys; @Override public WithStrategy onInputStream(InputStream inputStream) { @@ -50,15 +48,22 @@ public class VerifyCleartextSignaturesImpl implements VerifyCleartextSignatures public class VerifyWithImpl implements VerifyWith { @Override - public CleartextSignatureProcessor verifyWith(PGPPublicKeyRing publicKey) throws PGPException, IOException { - VerifyCleartextSignaturesImpl.this.verificationKeys = new PGPPublicKeyRingCollection(Collections.singleton(publicKey)); - return new CleartextSignatureProcessor(inputStream, verificationKeys, multiPassStrategy); + public CleartextSignatureProcessor withOptions(ConsumerOptions options) throws IOException { + return new CleartextSignatureProcessor(inputStream, options, multiPassStrategy); + } + + @Override + public CleartextSignatureProcessor verifyWith(PGPPublicKeyRing publicKey) throws IOException { + ConsumerOptions options = new ConsumerOptions(); + options.addVerificationCert(publicKey); + return new CleartextSignatureProcessor(inputStream, options, multiPassStrategy); } @Override public CleartextSignatureProcessor verifyWith(PGPPublicKeyRingCollection publicKeys) throws IOException { - VerifyCleartextSignaturesImpl.this.verificationKeys = publicKeys; - return new CleartextSignatureProcessor(inputStream, verificationKeys, multiPassStrategy); + ConsumerOptions options = new ConsumerOptions(); + options.addVerificationCerts(publicKeys); + return new CleartextSignatureProcessor(inputStream, options, multiPassStrategy); } } } diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CleartextSignatureVerificationTest.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CleartextSignatureVerificationTest.java index bc362185..db0ac8ea 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CleartextSignatureVerificationTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CleartextSignatureVerificationTest.java @@ -77,12 +77,14 @@ public class CleartextSignatureVerificationTest { @Test public void cleartextSignVerification_InMemoryMultiPassStrategy() throws IOException, PGPException { PGPPublicKeyRing signingKeys = TestKeys.getEmilPublicKeyRing(); + ConsumerOptions options = new ConsumerOptions() + .addVerificationCert(signingKeys); InMemoryMultiPassStrategy multiPassStrategy = MultiPassStrategy.keepMessageInMemory(); CleartextSignatureProcessor processor = PGPainless.verifyCleartextSignedMessage() .onInputStream(new ByteArrayInputStream(MESSAGE_SIGNED)) .withStrategy(multiPassStrategy) - .verifyWith(signingKeys); + .withOptions(options); PGPSignature signature = processor.process(); @@ -93,6 +95,8 @@ public class CleartextSignatureVerificationTest { @Test public void cleartextSignVerification_FileBasedMultiPassStrategy() throws IOException, PGPException { PGPPublicKeyRing signingKeys = TestKeys.getEmilPublicKeyRing(); + ConsumerOptions options = new ConsumerOptions() + .addVerificationCert(signingKeys); File tempDir = TestUtils.createTempDirectory(); File file = new File(tempDir, "file"); @@ -100,7 +104,7 @@ public class CleartextSignatureVerificationTest { CleartextSignatureProcessor processor = PGPainless.verifyCleartextSignedMessage() .onInputStream(new ByteArrayInputStream(MESSAGE_SIGNED)) .withStrategy(multiPassStrategy) - .verifyWith(signingKeys); + .withOptions(options); PGPSignature signature = processor.process();