mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-14 00:12:06 +01:00
Properly expose signatures
This commit is contained in:
parent
b2cf606638
commit
2a624d30f9
3 changed files with 171 additions and 114 deletions
|
@ -91,16 +91,24 @@ public class MessageMetadata {
|
|||
};
|
||||
}
|
||||
|
||||
public @Nonnull List<SignatureVerification> getVerifiedSignatures() {
|
||||
public List<SignatureVerification> getVerifiedDetachedSignatures() {
|
||||
return new ArrayList<>(message.verifiedDetachedSignatures);
|
||||
}
|
||||
|
||||
public List<SignatureVerification.Failure> getRejectedDetachedSignatures() {
|
||||
return new ArrayList<>(message.rejectedDetachedSignatures);
|
||||
}
|
||||
|
||||
public @Nonnull List<SignatureVerification> getVerifiedInlineSignatures() {
|
||||
List<SignatureVerification> verifications = new ArrayList<>();
|
||||
Iterator<List<SignatureVerification>> verificationsByLayer = getVerifiedSignaturesByLayer();
|
||||
Iterator<List<SignatureVerification>> verificationsByLayer = getVerifiedInlineSignaturesByLayer();
|
||||
while (verificationsByLayer.hasNext()) {
|
||||
verifications.addAll(verificationsByLayer.next());
|
||||
}
|
||||
return verifications;
|
||||
}
|
||||
|
||||
public @Nonnull Iterator<List<SignatureVerification>> getVerifiedSignaturesByLayer() {
|
||||
public @Nonnull Iterator<List<SignatureVerification>> getVerifiedInlineSignaturesByLayer() {
|
||||
return new LayerIterator<List<SignatureVerification>>(message) {
|
||||
@Override
|
||||
boolean matches(Nested layer) {
|
||||
|
@ -114,21 +122,24 @@ public class MessageMetadata {
|
|||
|
||||
@Override
|
||||
List<SignatureVerification> getProperty(Layer last) {
|
||||
return new ArrayList<>(last.getVerifiedSignatures());
|
||||
List<SignatureVerification> list = new ArrayList<>();
|
||||
list.addAll(last.getVerifiedOnePassSignatures());
|
||||
list.addAll(last.getVerifiedPrependedSignatures());
|
||||
return list;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
public @Nonnull List<SignatureVerification.Failure> getRejectedSignatures() {
|
||||
public @Nonnull List<SignatureVerification.Failure> getRejectedInlineSignatures() {
|
||||
List<SignatureVerification.Failure> rejected = new ArrayList<>();
|
||||
Iterator<List<SignatureVerification.Failure>> rejectedByLayer = getRejectedSignaturesByLayer();
|
||||
Iterator<List<SignatureVerification.Failure>> rejectedByLayer = getRejectedInlineSignaturesByLayer();
|
||||
while (rejectedByLayer.hasNext()) {
|
||||
rejected.addAll(rejectedByLayer.next());
|
||||
}
|
||||
return rejected;
|
||||
}
|
||||
|
||||
public @Nonnull Iterator<List<SignatureVerification.Failure>> getRejectedSignaturesByLayer() {
|
||||
public @Nonnull Iterator<List<SignatureVerification.Failure>> getRejectedInlineSignaturesByLayer() {
|
||||
return new LayerIterator<List<SignatureVerification.Failure>>(message) {
|
||||
@Override
|
||||
boolean matches(Nested layer) {
|
||||
|
@ -142,7 +153,10 @@ public class MessageMetadata {
|
|||
|
||||
@Override
|
||||
List<SignatureVerification.Failure> getProperty(Layer last) {
|
||||
return new ArrayList<>(last.getFailedSignatures());
|
||||
List<SignatureVerification.Failure> list = new ArrayList<>();
|
||||
list.addAll(last.getRejectedOnePassSignatures());
|
||||
list.addAll(last.getRejectedPrependedSignatures());
|
||||
return list;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
@ -169,8 +183,12 @@ public class MessageMetadata {
|
|||
}
|
||||
|
||||
public abstract static class Layer {
|
||||
protected final List<SignatureVerification> verifiedSignatures = new ArrayList<>();
|
||||
protected final List<SignatureVerification.Failure> failedSignatures = new ArrayList<>();
|
||||
protected final List<SignatureVerification> verifiedDetachedSignatures = new ArrayList<>();
|
||||
protected final List<SignatureVerification.Failure> rejectedDetachedSignatures = new ArrayList<>();
|
||||
protected final List<SignatureVerification> verifiedOnePassSignatures = new ArrayList<>();
|
||||
protected final List<SignatureVerification.Failure> rejectedOnePassSignatures = new ArrayList<>();
|
||||
protected final List<SignatureVerification> verifiedPrependedSignatures = new ArrayList<>();
|
||||
protected final List<SignatureVerification.Failure> rejectedPrependedSignatures = new ArrayList<>();
|
||||
protected Nested child;
|
||||
|
||||
public Nested getChild() {
|
||||
|
@ -181,21 +199,54 @@ public class MessageMetadata {
|
|||
this.child = child;
|
||||
}
|
||||
|
||||
public List<SignatureVerification> getVerifiedSignatures() {
|
||||
return new ArrayList<>(verifiedSignatures);
|
||||
public List<SignatureVerification> getVerifiedDetachedSignatures() {
|
||||
return new ArrayList<>(verifiedDetachedSignatures);
|
||||
}
|
||||
|
||||
public List<SignatureVerification.Failure> getFailedSignatures() {
|
||||
return new ArrayList<>(failedSignatures);
|
||||
public List<SignatureVerification.Failure> getRejectedDetachedSignatures() {
|
||||
return new ArrayList<>(rejectedDetachedSignatures);
|
||||
}
|
||||
|
||||
void addVerifiedSignature(SignatureVerification signatureVerification) {
|
||||
verifiedSignatures.add(signatureVerification);
|
||||
void addVerifiedDetachedSignature(SignatureVerification signatureVerification) {
|
||||
verifiedDetachedSignatures.add(signatureVerification);
|
||||
}
|
||||
|
||||
void addFailedSignature(SignatureVerification.Failure failure) {
|
||||
failedSignatures.add(failure);
|
||||
void addRejectedDetachedSignature(SignatureVerification.Failure failure) {
|
||||
rejectedDetachedSignatures.add(failure);
|
||||
}
|
||||
|
||||
public List<SignatureVerification> getVerifiedOnePassSignatures() {
|
||||
return new ArrayList<>(verifiedOnePassSignatures);
|
||||
}
|
||||
|
||||
public List<SignatureVerification.Failure> getRejectedOnePassSignatures() {
|
||||
return new ArrayList<>(rejectedOnePassSignatures);
|
||||
}
|
||||
|
||||
void addVerifiedOnePassSignature(SignatureVerification verifiedOnePassSignature) {
|
||||
this.verifiedOnePassSignatures.add(verifiedOnePassSignature);
|
||||
}
|
||||
|
||||
void addRejectedOnePassSignature(SignatureVerification.Failure rejected) {
|
||||
this.rejectedOnePassSignatures.add(rejected);
|
||||
}
|
||||
|
||||
public List<SignatureVerification> getVerifiedPrependedSignatures() {
|
||||
return new ArrayList<>(verifiedPrependedSignatures);
|
||||
}
|
||||
|
||||
public List<SignatureVerification.Failure> getRejectedPrependedSignatures() {
|
||||
return new ArrayList<>(rejectedPrependedSignatures);
|
||||
}
|
||||
|
||||
void addVerifiedPrependedSignature(SignatureVerification verified) {
|
||||
this.verifiedPrependedSignatures.add(verified);
|
||||
}
|
||||
|
||||
void addRejectedPrependedSignature(SignatureVerification.Failure rejected) {
|
||||
this.rejectedPrependedSignatures.add(rejected);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public interface Nested {
|
||||
|
|
|
@ -29,6 +29,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
|
|||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSessionKey;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory;
|
||||
import org.bouncycastle.openpgp.operator.PGPContentVerifierBuilderProvider;
|
||||
|
@ -55,6 +56,7 @@ import org.pgpainless.key.protection.SecretKeyRingProtector;
|
|||
import org.pgpainless.key.protection.UnlockSecretKey;
|
||||
import org.pgpainless.policy.Policy;
|
||||
import org.pgpainless.signature.SignatureUtils;
|
||||
import org.pgpainless.signature.consumer.SignatureValidator;
|
||||
import org.pgpainless.util.Passphrase;
|
||||
import org.pgpainless.util.SessionKey;
|
||||
import org.pgpainless.util.Tuple;
|
||||
|
@ -94,9 +96,9 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
}
|
||||
|
||||
protected OpenPgpMessageInputStream(@Nonnull InputStream inputStream,
|
||||
@Nonnull ConsumerOptions options,
|
||||
@Nonnull MessageMetadata.Layer metadata,
|
||||
@Nonnull Policy policy)
|
||||
@Nonnull ConsumerOptions options,
|
||||
@Nonnull MessageMetadata.Layer metadata,
|
||||
@Nonnull Policy policy)
|
||||
throws PGPException, IOException {
|
||||
super(OpenPgpMetadata.getBuilder());
|
||||
|
||||
|
@ -173,7 +175,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
|
||||
throw new MissingDecryptionMethodException("No working decryption method found.");
|
||||
|
||||
// Marker Packets need to be skipped and ignored
|
||||
// Marker Packets need to be skipped and ignored
|
||||
case MARKER:
|
||||
packetInputStream.readMarker();
|
||||
break;
|
||||
|
@ -236,7 +238,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
PGPSignature signature = packetInputStream.readSignature();
|
||||
if (isSigForOPS) {
|
||||
signatures.leaveNesting(); // TODO: Only leave nesting if all OPSs of the nesting layer are dealt with
|
||||
signatures.addCorrespondingOnePassSignature(signature, metadata);
|
||||
signatures.addCorrespondingOnePassSignature(signature, metadata, policy);
|
||||
} else {
|
||||
signatures.addPrependedSignature(signature);
|
||||
}
|
||||
|
@ -257,7 +259,6 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
// Try session key
|
||||
if (options.getSessionKey() != null) {
|
||||
SessionKey sessionKey = options.getSessionKey();
|
||||
|
||||
throwIfUnacceptable(sessionKey.getAlgorithm());
|
||||
|
||||
SessionKeyDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance()
|
||||
|
@ -270,11 +271,13 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
if (esk instanceof PGPPBEEncryptedData) {
|
||||
PGPPBEEncryptedData skesk = (PGPPBEEncryptedData) esk;
|
||||
InputStream decrypted = skesk.getDataStream(decryptorFactory);
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
return true;
|
||||
} else if (esk instanceof PGPPublicKeyEncryptedData) {
|
||||
PGPPublicKeyEncryptedData pkesk = (PGPPublicKeyEncryptedData) esk;
|
||||
InputStream decrypted = pkesk.getDataStream(decryptorFactory);
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
return true;
|
||||
} else {
|
||||
|
@ -290,22 +293,22 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
SymmetricKeyAlgorithm kekAlgorithm = SymmetricKeyAlgorithm.requireFromId(skesk.getAlgorithm());
|
||||
throwIfUnacceptable(kekAlgorithm);
|
||||
for (Passphrase passphrase : options.getDecryptionPassphrases()) {
|
||||
PBEDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance()
|
||||
.getPBEDataDecryptorFactory(passphrase);
|
||||
PBEDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance()
|
||||
.getPBEDataDecryptorFactory(passphrase);
|
||||
|
||||
try {
|
||||
InputStream decrypted = skesk.getDataStream(decryptorFactory);
|
||||
SymmetricKeyAlgorithm sessionKeyAlgorithm = SymmetricKeyAlgorithm.requireFromId(
|
||||
skesk.getSymmetricAlgorithm(decryptorFactory));
|
||||
throwIfUnacceptable(sessionKeyAlgorithm);
|
||||
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(sessionKeyAlgorithm);
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
return true;
|
||||
} catch (UnacceptableAlgorithmException e) {
|
||||
throw e;
|
||||
} catch (PGPException e) {
|
||||
// Password mismatch?
|
||||
}
|
||||
try {
|
||||
InputStream decrypted = skesk.getDataStream(decryptorFactory);
|
||||
SessionKey sessionKey = new SessionKey(skesk.getSessionKey(decryptorFactory));
|
||||
throwIfUnacceptable(sessionKey.getAlgorithm());
|
||||
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(sessionKey.getAlgorithm());
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
return true;
|
||||
} catch (UnacceptableAlgorithmException e) {
|
||||
throw e;
|
||||
} catch (PGPException e) {
|
||||
// Password mismatch?
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -323,11 +326,13 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
PublicKeyDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance()
|
||||
.getPublicKeyDataDecryptorFactory(privateKey);
|
||||
try {
|
||||
SymmetricKeyAlgorithm symAlg = SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory));
|
||||
throwIfUnacceptable(symAlg);
|
||||
InputStream decrypted = pkesk.getDataStream(decryptorFactory);
|
||||
SessionKey sessionKey = new SessionKey(pkesk.getSessionKey(decryptorFactory));
|
||||
throwIfUnacceptable(sessionKey.getAlgorithm());
|
||||
|
||||
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
|
||||
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
return true;
|
||||
|
@ -348,8 +353,12 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
|
||||
try {
|
||||
InputStream decrypted = pkesk.getDataStream(decryptorFactory);
|
||||
SessionKey sessionKey = new SessionKey(pkesk.getSessionKey(decryptorFactory));
|
||||
throwIfUnacceptable(sessionKey.getAlgorithm());
|
||||
|
||||
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
|
||||
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
return true;
|
||||
} catch (PGPException e) {
|
||||
|
@ -427,7 +436,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
} catch (PGPException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
signatures.finish(metadata);
|
||||
signatures.finish(metadata, policy);
|
||||
}
|
||||
return r;
|
||||
}
|
||||
|
@ -455,7 +464,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
} catch (PGPException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
signatures.finish(metadata);
|
||||
signatures.finish(metadata, policy);
|
||||
}
|
||||
return r;
|
||||
}
|
||||
|
@ -588,7 +597,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
}
|
||||
}
|
||||
|
||||
void addCorrespondingOnePassSignature(PGPSignature signature, MessageMetadata.Layer layer) {
|
||||
void addCorrespondingOnePassSignature(PGPSignature signature, MessageMetadata.Layer layer, Policy policy) {
|
||||
for (int i = onePassSignatures.size() - 1; i >= 0; i--) {
|
||||
OnePassSignature onePassSignature = onePassSignatures.get(i);
|
||||
if (onePassSignature.opSignature.getKeyID() != signature.getKeyID()) {
|
||||
|
@ -598,19 +607,32 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
continue;
|
||||
}
|
||||
|
||||
boolean verified = onePassSignature.verify(signature);
|
||||
boolean correct = onePassSignature.verify(signature);
|
||||
SignatureVerification verification = new SignatureVerification(signature,
|
||||
new SubkeyIdentifier(onePassSignature.certificate, onePassSignature.keyId));
|
||||
if (verified) {
|
||||
layer.addVerifiedSignature(verification);
|
||||
if (correct) {
|
||||
PGPPublicKey signingKey = onePassSignature.certificate.getPublicKey(onePassSignature.keyId);
|
||||
try {
|
||||
checkSignatureValidity(signature, signingKey, policy);
|
||||
layer.addVerifiedOnePassSignature(verification);
|
||||
} catch (SignatureValidationException e) {
|
||||
layer.addRejectedOnePassSignature(new SignatureVerification.Failure(verification, e));
|
||||
}
|
||||
} else {
|
||||
layer.addFailedSignature(new SignatureVerification.Failure(verification,
|
||||
new SignatureValidationException("Incorrect Signature.")));
|
||||
layer.addRejectedOnePassSignature(new SignatureVerification.Failure(verification,
|
||||
new SignatureValidationException("Bad Signature.")));
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
boolean checkSignatureValidity(PGPSignature signature, PGPPublicKey signingKey, Policy policy) throws SignatureValidationException {
|
||||
SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||
SignatureValidator.signatureIsEffective().verify(signature);
|
||||
return true;
|
||||
}
|
||||
|
||||
void enterNesting() {
|
||||
opsUpdateStack.push(literalOPS);
|
||||
literalOPS = new ArrayList<>();
|
||||
|
@ -699,27 +721,39 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
}
|
||||
}
|
||||
|
||||
public void finish(MessageMetadata.Layer layer) {
|
||||
public void finish(MessageMetadata.Layer layer, Policy policy) {
|
||||
for (DetachedOrPrependedSignature detached : detachedSignatures) {
|
||||
boolean verified = detached.verify();
|
||||
boolean correct = detached.verify();
|
||||
SignatureVerification verification = new SignatureVerification(
|
||||
detached.signature, new SubkeyIdentifier(detached.certificate, detached.keyId));
|
||||
if (verified) {
|
||||
layer.addVerifiedSignature(verification);
|
||||
if (correct) {
|
||||
try {
|
||||
PGPPublicKey signingKey = detached.certificate.getPublicKey(detached.keyId);
|
||||
checkSignatureValidity(detached.signature, signingKey, policy);
|
||||
layer.addVerifiedDetachedSignature(verification);
|
||||
} catch (SignatureValidationException e) {
|
||||
layer.addRejectedDetachedSignature(new SignatureVerification.Failure(verification, e));
|
||||
}
|
||||
} else {
|
||||
layer.addFailedSignature(new SignatureVerification.Failure(
|
||||
verification, new SignatureValidationException("Incorrect Signature.")));
|
||||
layer.addRejectedDetachedSignature(new SignatureVerification.Failure(
|
||||
verification, new SignatureValidationException("Incorrect Signature.")));
|
||||
}
|
||||
}
|
||||
|
||||
for (DetachedOrPrependedSignature prepended : prependedSignatures) {
|
||||
boolean verified = prepended.verify();
|
||||
boolean correct = prepended.verify();
|
||||
SignatureVerification verification = new SignatureVerification(
|
||||
prepended.signature, new SubkeyIdentifier(prepended.certificate, prepended.keyId));
|
||||
if (verified) {
|
||||
layer.addVerifiedSignature(verification);
|
||||
if (correct) {
|
||||
try {
|
||||
PGPPublicKey signingKey = prepended.certificate.getPublicKey(prepended.keyId);
|
||||
checkSignatureValidity(prepended.signature, signingKey, policy);
|
||||
layer.addVerifiedPrependedSignature(verification);
|
||||
} catch (SignatureValidationException e) {
|
||||
layer.addRejectedPrependedSignature(new SignatureVerification.Failure(verification, e));
|
||||
}
|
||||
} else {
|
||||
layer.addFailedSignature(new SignatureVerification.Failure(
|
||||
layer.addRejectedPrependedSignature(new SignatureVerification.Failure(
|
||||
verification, new SignatureValidationException("Incorrect Signature.")));
|
||||
}
|
||||
}
|
||||
|
@ -859,46 +893,18 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
resultBuilder.setFileEncoding(m.getFormat());
|
||||
resultBuilder.setSessionKey(m.getSessionKey());
|
||||
|
||||
for (Signatures.OnePassSignature ops : signatures.onePassSignatures) {
|
||||
if (!ops.finished) {
|
||||
continue;
|
||||
}
|
||||
|
||||
SubkeyIdentifier identifier = new SubkeyIdentifier(ops.certificate, ops.keyId);
|
||||
SignatureVerification verification = new SignatureVerification(ops.signature, identifier);
|
||||
if (ops.valid) {
|
||||
resultBuilder.addVerifiedInbandSignature(verification);
|
||||
} else {
|
||||
resultBuilder.addInvalidInbandSignature(verification, new SignatureValidationException("Incorrect signature."));
|
||||
}
|
||||
for (SignatureVerification accepted : m.getVerifiedDetachedSignatures()) {
|
||||
resultBuilder.addVerifiedDetachedSignature(accepted);
|
||||
}
|
||||
for (SignatureVerification.Failure rejected : m.getRejectedDetachedSignatures()) {
|
||||
resultBuilder.addInvalidDetachedSignature(rejected.getSignatureVerification(), rejected.getValidationException());
|
||||
}
|
||||
|
||||
for (Signatures.DetachedOrPrependedSignature prep : signatures.prependedSignatures) {
|
||||
if (!prep.finished) {
|
||||
continue;
|
||||
}
|
||||
|
||||
SubkeyIdentifier identifier = new SubkeyIdentifier(prep.certificate, prep.keyId);
|
||||
SignatureVerification verification = new SignatureVerification(prep.signature, identifier);
|
||||
if (prep.valid) {
|
||||
resultBuilder.addVerifiedInbandSignature(verification);
|
||||
} else {
|
||||
resultBuilder.addInvalidInbandSignature(verification, new SignatureValidationException("Incorrect signature."));
|
||||
}
|
||||
for (SignatureVerification accepted : m.getVerifiedInlineSignatures()) {
|
||||
resultBuilder.addVerifiedInbandSignature(accepted);
|
||||
}
|
||||
|
||||
for (Signatures.DetachedOrPrependedSignature det : signatures.detachedSignatures) {
|
||||
if (!det.finished) {
|
||||
continue;
|
||||
}
|
||||
|
||||
SubkeyIdentifier identifier = new SubkeyIdentifier(det.certificate, det.keyId);
|
||||
SignatureVerification verification = new SignatureVerification(det.signature, identifier);
|
||||
if (det.valid) {
|
||||
resultBuilder.addVerifiedDetachedSignature(verification);
|
||||
} else {
|
||||
resultBuilder.addInvalidDetachedSignature(verification, new SignatureValidationException("Incorrect signature."));
|
||||
}
|
||||
for (SignatureVerification.Failure rejected : m.getRejectedInlineSignatures()) {
|
||||
resultBuilder.addInvalidInbandSignature(rejected.getSignatureVerification(), rejected.getValidationException());
|
||||
}
|
||||
|
||||
return resultBuilder.build();
|
||||
|
|
|
@ -332,8 +332,8 @@ public class OpenPgpMessageInputStreamTest {
|
|||
assertEquals("", metadata.getFilename());
|
||||
JUtils.assertDateEquals(new Date(0L), metadata.getModificationDate());
|
||||
assertEquals(StreamEncoding.BINARY, metadata.getFormat());
|
||||
assertTrue(metadata.getVerifiedSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedSignatures().isEmpty());
|
||||
assertTrue(metadata.getVerifiedInlineSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedInlineSignatures().isEmpty());
|
||||
}
|
||||
|
||||
@ParameterizedTest(name = "Process LIT LIT using {0}")
|
||||
|
@ -352,8 +352,8 @@ public class OpenPgpMessageInputStreamTest {
|
|||
assertEquals(PLAINTEXT, plain);
|
||||
MessageMetadata metadata = result.getB();
|
||||
assertEquals(CompressionAlgorithm.ZIP, metadata.getCompressionAlgorithm());
|
||||
assertTrue(metadata.getVerifiedSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedSignatures().isEmpty());
|
||||
assertTrue(metadata.getVerifiedInlineSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedInlineSignatures().isEmpty());
|
||||
}
|
||||
|
||||
@ParameterizedTest(name = "Process COMP using {0}")
|
||||
|
@ -377,8 +377,8 @@ public class OpenPgpMessageInputStreamTest {
|
|||
assertEquals(CompressionAlgorithm.BZIP2, compressionAlgorithms.next());
|
||||
assertFalse(compressionAlgorithms.hasNext());
|
||||
assertNull(metadata.getEncryptionAlgorithm());
|
||||
assertTrue(metadata.getVerifiedSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedSignatures().isEmpty());
|
||||
assertTrue(metadata.getVerifiedInlineSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedInlineSignatures().isEmpty());
|
||||
}
|
||||
|
||||
@ParameterizedTest(name = "Process SIG COMP(LIT) using {0}")
|
||||
|
@ -395,8 +395,8 @@ public class OpenPgpMessageInputStreamTest {
|
|||
MessageMetadata metadata = result.getB();
|
||||
assertEquals(CompressionAlgorithm.ZIP, metadata.getCompressionAlgorithm());
|
||||
assertNull(metadata.getEncryptionAlgorithm());
|
||||
assertFalse(metadata.getVerifiedSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedSignatures().isEmpty());
|
||||
assertFalse(metadata.getVerifiedInlineSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedInlineSignatures().isEmpty());
|
||||
}
|
||||
|
||||
@ParameterizedTest(name = "Process SENC(LIT) using {0}")
|
||||
|
@ -410,8 +410,8 @@ public class OpenPgpMessageInputStreamTest {
|
|||
MessageMetadata metadata = result.getB();
|
||||
assertNull(metadata.getCompressionAlgorithm());
|
||||
assertEquals(SymmetricKeyAlgorithm.AES_256, metadata.getEncryptionAlgorithm());
|
||||
assertTrue(metadata.getVerifiedSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedSignatures().isEmpty());
|
||||
assertTrue(metadata.getVerifiedInlineSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedInlineSignatures().isEmpty());
|
||||
}
|
||||
|
||||
@ParameterizedTest(name = "Process PENC(COMP(LIT)) using {0}")
|
||||
|
@ -426,8 +426,8 @@ public class OpenPgpMessageInputStreamTest {
|
|||
MessageMetadata metadata = result.getB();
|
||||
assertEquals(CompressionAlgorithm.ZLIB, metadata.getCompressionAlgorithm());
|
||||
assertEquals(SymmetricKeyAlgorithm.AES_256, metadata.getEncryptionAlgorithm());
|
||||
assertTrue(metadata.getVerifiedSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedSignatures().isEmpty());
|
||||
assertTrue(metadata.getVerifiedInlineSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedInlineSignatures().isEmpty());
|
||||
}
|
||||
|
||||
@ParameterizedTest(name = "Process OPS LIT SIG using {0}")
|
||||
|
@ -442,8 +442,8 @@ public class OpenPgpMessageInputStreamTest {
|
|||
MessageMetadata metadata = result.getB();
|
||||
assertNull(metadata.getEncryptionAlgorithm());
|
||||
assertNull(metadata.getCompressionAlgorithm());
|
||||
assertFalse(metadata.getVerifiedSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedSignatures().isEmpty());
|
||||
assertFalse(metadata.getVerifiedInlineSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedInlineSignatures().isEmpty());
|
||||
}
|
||||
|
||||
String BOB_KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +
|
||||
|
@ -579,8 +579,8 @@ public class OpenPgpMessageInputStreamTest {
|
|||
MessageMetadata metadata = result.getB();
|
||||
assertEquals(SymmetricKeyAlgorithm.AES_256, metadata.getEncryptionAlgorithm());
|
||||
assertNull(metadata.getCompressionAlgorithm());
|
||||
assertFalse(metadata.getVerifiedSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedSignatures().isEmpty());
|
||||
assertFalse(metadata.getVerifiedInlineSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedInlineSignatures().isEmpty());
|
||||
}
|
||||
|
||||
@ParameterizedTest(name = "Process PENC(OPS OPS OPS LIT SIG SIG SIG) using {0}")
|
||||
|
@ -644,8 +644,8 @@ public class OpenPgpMessageInputStreamTest {
|
|||
MessageMetadata metadata = result.getB();
|
||||
assertEquals(SymmetricKeyAlgorithm.AES_256, metadata.getEncryptionAlgorithm());
|
||||
assertNull(metadata.getCompressionAlgorithm());
|
||||
assertFalse(metadata.getVerifiedSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedSignatures().isEmpty());
|
||||
assertFalse(metadata.getVerifiedInlineSignatures().isEmpty());
|
||||
assertTrue(metadata.getRejectedInlineSignatures().isEmpty());
|
||||
}
|
||||
|
||||
private static Tuple<String, MessageMetadata> processReadBuffered(String armoredMessage, ConsumerOptions options)
|
||||
|
|
Loading…
Reference in a new issue