Cleartext signature framework: Reuse ConsumerOptions

pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java

@@ -15,6 +15,8 @@
  */
 package org.pgpainless.signature.cleartext_signatures;
 
+import static org.pgpainless.signature.SignatureValidator.signatureWasCreatedInBounds;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -28,10 +30,10 @@ import org.bouncycastle.bcpg.ArmoredInputStream;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
-import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureList;
 import org.pgpainless.PGPainless;
+import org.pgpainless.decryption_verification.ConsumerOptions;
 import org.pgpainless.exception.SignatureValidationException;
 import org.pgpainless.signature.CertificateValidator;
 import org.pgpainless.signature.SignatureVerifier;
@@ -45,11 +47,11 @@ public class CleartextSignatureProcessor {
     private static final Logger LOGGER = Logger.getLogger(CleartextSignatureProcessor.class.getName());
 
     private final ArmoredInputStream in;
-    private final PGPPublicKeyRingCollection verificationKeys;
+    private final ConsumerOptions options;
     private final MultiPassStrategy multiPassStrategy;
 
     public CleartextSignatureProcessor(InputStream inputStream,
-                                       PGPPublicKeyRingCollection verificationKeys,
+                                       ConsumerOptions options,
                                        MultiPassStrategy multiPassStrategy)
             throws IOException {
         if (inputStream instanceof ArmoredInputStream) {
@@ -57,7 +59,7 @@ public class CleartextSignatureProcessor {
         } else {
             this.in = ArmoredInputStreamFactory.get(inputStream);
         }
-        this.verificationKeys = verificationKeys;
+        this.options = options;
         this.multiPassStrategy = multiPassStrategy;
     }
 
@@ -81,7 +83,7 @@ public class CleartextSignatureProcessor {
         for (PGPSignature signature : signatures) {
             PGPPublicKeyRing certificate = null;
             PGPPublicKey signingKey = null;
-            for (PGPPublicKeyRing cert : verificationKeys) {
+            for (PGPPublicKeyRing cert : options.getCertificates()) {
                 signingKey = cert.getPublicKey(signature.getKeyID());
                 if (signingKey != null) {
                     certificate = cert;
@@ -94,6 +96,7 @@ public class CleartextSignatureProcessor {
             }
 
             try {
+                signatureWasCreatedInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(signature);
                 SignatureVerifier.initializeSignatureAndUpdateWithSignedData(signature, multiPassStrategy.getMessageInputStream(), signingKey);
                 CertificateValidator.validateCertificateAndVerifyInitializedSignature(signature, certificate, PGPainless.getPolicy());
                 return signature;

pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignatures.java

@@ -22,6 +22,7 @@ import java.io.InputStream;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
+import org.pgpainless.decryption_verification.ConsumerOptions;
 
 /**
  * Interface defining the API for verification of cleartext signed documents.
@@ -53,6 +54,15 @@ public interface VerifyCleartextSignatures {
 
     interface VerifyWith {
 
+        /**
+         * Pass in consumer options like verification certificates, acceptable date ranges etc.
+         *
+         * @param options options
+         * @return processor
+         * @throws IOException in case of an IO error
+         */
+        CleartextSignatureProcessor withOptions(ConsumerOptions options) throws IOException;
+
         /**
          * Pass in the verification key ring.
          *
@@ -60,7 +70,10 @@ public interface VerifyCleartextSignatures {
          * @return processor
          * @throws PGPException if the keys cannot be converted to a {@link PGPPublicKeyRingCollection}.
          * @throws IOException if the keys cannot be parsed properly
+         *
+         * @deprecated use {@link #withOptions(ConsumerOptions)} instead.
          */
+        @Deprecated
         CleartextSignatureProcessor verifyWith(PGPPublicKeyRing publicKey) throws PGPException, IOException;
 
         /**
@@ -69,7 +82,10 @@ public interface VerifyCleartextSignatures {
          * @param publicKeys verification keys
          * @return processor
          * @throws IOException if the keys cannot be parsed properly
+         *
+         * @deprecated use {@link #withOptions(ConsumerOptions)} instead.
          */
+        @Deprecated
         CleartextSignatureProcessor verifyWith(PGPPublicKeyRingCollection publicKeys) throws IOException;
 
     }

pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/VerifyCleartextSignaturesImpl.java

@@ -17,17 +17,15 @@ package org.pgpainless.signature.cleartext_signatures;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Collections;
 
-import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
+import org.pgpainless.decryption_verification.ConsumerOptions;
 
 public class VerifyCleartextSignaturesImpl implements VerifyCleartextSignatures {
 
     private InputStream inputStream;
     private MultiPassStrategy multiPassStrategy;
-    private PGPPublicKeyRingCollection verificationKeys;
 
     @Override
     public WithStrategy onInputStream(InputStream inputStream) {
@@ -50,15 +48,22 @@ public class VerifyCleartextSignaturesImpl implements VerifyCleartextSignatures
     public class VerifyWithImpl implements VerifyWith {
 
         @Override
-        public CleartextSignatureProcessor verifyWith(PGPPublicKeyRing publicKey) throws PGPException, IOException {
+        public CleartextSignatureProcessor withOptions(ConsumerOptions options) throws IOException {
-            VerifyCleartextSignaturesImpl.this.verificationKeys = new PGPPublicKeyRingCollection(Collections.singleton(publicKey));
+            return new CleartextSignatureProcessor(inputStream, options, multiPassStrategy);
-            return new CleartextSignatureProcessor(inputStream, verificationKeys, multiPassStrategy);
+        }
+
+        @Override
+        public CleartextSignatureProcessor verifyWith(PGPPublicKeyRing publicKey) throws IOException {
+            ConsumerOptions options = new ConsumerOptions();
+            options.addVerificationCert(publicKey);
+            return new CleartextSignatureProcessor(inputStream, options, multiPassStrategy);
         }
 
         @Override
         public CleartextSignatureProcessor verifyWith(PGPPublicKeyRingCollection publicKeys) throws IOException {
-            VerifyCleartextSignaturesImpl.this.verificationKeys = publicKeys;
+            ConsumerOptions options = new ConsumerOptions();
-            return new CleartextSignatureProcessor(inputStream, verificationKeys, multiPassStrategy);
+            options.addVerificationCerts(publicKeys);
+            return new CleartextSignatureProcessor(inputStream, options, multiPassStrategy);
         }
     }
 }

pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CleartextSignatureVerificationTest.java

@@ -77,12 +77,14 @@ public class CleartextSignatureVerificationTest {
     @Test
     public void cleartextSignVerification_InMemoryMultiPassStrategy() throws IOException, PGPException {
         PGPPublicKeyRing signingKeys = TestKeys.getEmilPublicKeyRing();
+        ConsumerOptions options = new ConsumerOptions()
+                .addVerificationCert(signingKeys);
 
         InMemoryMultiPassStrategy multiPassStrategy = MultiPassStrategy.keepMessageInMemory();
         CleartextSignatureProcessor processor = PGPainless.verifyCleartextSignedMessage()
                 .onInputStream(new ByteArrayInputStream(MESSAGE_SIGNED))
                 .withStrategy(multiPassStrategy)
-                .verifyWith(signingKeys);
+                .withOptions(options);
 
         PGPSignature signature = processor.process();
 
@@ -93,6 +95,8 @@ public class CleartextSignatureVerificationTest {
     @Test
     public void cleartextSignVerification_FileBasedMultiPassStrategy() throws IOException, PGPException {
         PGPPublicKeyRing signingKeys = TestKeys.getEmilPublicKeyRing();
+        ConsumerOptions options = new ConsumerOptions()
+                .addVerificationCert(signingKeys);
 
         File tempDir = TestUtils.createTempDirectory();
         File file = new File(tempDir, "file");
@@ -100,7 +104,7 @@ public class CleartextSignatureVerificationTest {
         CleartextSignatureProcessor processor = PGPainless.verifyCleartextSignedMessage()
                 .onInputStream(new ByteArrayInputStream(MESSAGE_SIGNED))
                 .withStrategy(multiPassStrategy)
-                .verifyWith(signingKeys);
+                .withOptions(options);
 
         PGPSignature signature = processor.process();