diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/KeyRingValidator.java b/pgpainless-core/src/main/java/org/pgpainless/key/KeyRingValidator.java index cc5d0997..ef970f33 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/KeyRingValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/KeyRingValidator.java @@ -33,7 +33,7 @@ import org.pgpainless.exception.SignatureValidationException; import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.policy.Policy; import org.pgpainless.signature.SignatureCreationDateComparator; -import org.pgpainless.signature.SignatureValidator; +import org.pgpainless.signature.SignatureVerifier; import org.pgpainless.util.CollectionUtils; public final class KeyRingValidator { @@ -77,7 +77,7 @@ public final class KeyRingValidator { Collections.sort(directKeyCertifications, new SignatureCreationDateComparator(SignatureCreationDateComparator.Order.NEW_TO_OLD)); for (PGPSignature signature : directKeyCertifications) { try { - if (SignatureValidator.verifyDirectKeySignature(signature, blank, policy, validationDate)) { + if (SignatureVerifier.verifyDirectKeySignature(signature, blank, policy, validationDate)) { blank = PGPPublicKey.addCertification(blank, signature); } } catch (SignatureValidationException e) { @@ -90,7 +90,7 @@ public final class KeyRingValidator { Collections.sort(directKeyRevocations, new SignatureCreationDateComparator(SignatureCreationDateComparator.Order.NEW_TO_OLD)); for (PGPSignature signature : directKeyRevocations) { try { - if (SignatureValidator.verifyKeyRevocationSignature(signature, primaryKey, policy, validationDate)) { + if (SignatureVerifier.verifyKeyRevocationSignature(signature, primaryKey, policy, validationDate)) { blank = PGPPublicKey.addCertification(blank, signature); } } catch (SignatureValidationException e) { @@ -107,11 +107,11 @@ public final class KeyRingValidator { for (PGPSignature signature : signatures) { try { if (SignatureType.valueOf(signature.getSignatureType()) == SignatureType.CERTIFICATION_REVOCATION) { - if (SignatureValidator.verifyUserIdRevocation(userId, signature, primaryKey, policy, validationDate)) { + if (SignatureVerifier.verifyUserIdRevocation(userId, signature, primaryKey, policy, validationDate)) { blank = PGPPublicKey.addCertification(blank, userId, signature); } } else { - if (SignatureValidator.verifyUserIdCertification(userId, signature, primaryKey, policy, validationDate)) { + if (SignatureVerifier.verifyUserIdCertification(userId, signature, primaryKey, policy, validationDate)) { blank = PGPPublicKey.addCertification(blank, userId, signature); } } @@ -129,11 +129,11 @@ public final class KeyRingValidator { PGPSignature signature = userAttributeSignatureIterator.next(); try { if (SignatureType.valueOf(signature.getSignatureType()) == SignatureType.CERTIFICATION_REVOCATION) { - if (SignatureValidator.verifyUserAttributesRevocation(userAttribute, signature, primaryKey, policy, validationDate)) { + if (SignatureVerifier.verifyUserAttributesRevocation(userAttribute, signature, primaryKey, policy, validationDate)) { blank = PGPPublicKey.addCertification(blank, userAttribute, signature); } } else { - if (SignatureValidator.verifyUserAttributesCertification(userAttribute, signature, primaryKey, policy, validationDate)) { + if (SignatureVerifier.verifyUserAttributesCertification(userAttribute, signature, primaryKey, policy, validationDate)) { blank = PGPPublicKey.addCertification(blank, userAttribute, signature); } } diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/CertificateValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/CertificateValidator.java index 15cc735a..40b275f5 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/CertificateValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/CertificateValidator.java @@ -15,7 +15,7 @@ */ package org.pgpainless.signature; -import static org.pgpainless.signature.SignatureValidator.verifyOnePassSignature; +import static org.pgpainless.signature.SignatureVerifier.verifyOnePassSignature; import java.io.InputStream; import java.util.ArrayList; @@ -40,9 +40,7 @@ import org.pgpainless.policy.Policy; import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil; /** - * This class implements validity checks on OpenPGP signatures. - * Its responsibilities are checking if a signing key was eligible to create a certain signature - * and if the signature is valid at the time of validation. + * A collection of static methods that validate signing certificates (public keys) and verify signature correctness. */ public final class CertificateValidator { @@ -85,7 +83,7 @@ public final class CertificateValidator { while (primaryKeyRevocationIterator.hasNext()) { PGPSignature revocation = primaryKeyRevocationIterator.next(); try { - if (SignatureValidator.verifyKeyRevocationSignature(revocation, primaryKey, policy, signature.getCreationTime())) { + if (SignatureVerifier.verifyKeyRevocationSignature(revocation, primaryKey, policy, signature.getCreationTime())) { directKeySignatures.add(revocation); } } catch (SignatureValidationException e) { @@ -99,7 +97,7 @@ public final class CertificateValidator { while (keySignatures.hasNext()) { PGPSignature keySignature = keySignatures.next(); try { - if (SignatureValidator.verifyDirectKeySignature(keySignature, primaryKey, policy, signature.getCreationTime())) { + if (SignatureVerifier.verifyDirectKeySignature(keySignature, primaryKey, policy, signature.getCreationTime())) { directKeySignatures.add(keySignature); } } catch (SignatureValidationException e) { @@ -125,7 +123,7 @@ public final class CertificateValidator { while (userIdSigs.hasNext()) { PGPSignature userIdSig = userIdSigs.next(); try { - if (SignatureValidator.verifySignatureOverUserId(userId, userIdSig, primaryKey, policy, signature.getCreationTime())) { + if (SignatureVerifier.verifySignatureOverUserId(userId, userIdSig, primaryKey, policy, signature.getCreationTime())) { signaturesOnUserId.add(userIdSig); } } catch (SignatureValidationException e) { @@ -175,7 +173,7 @@ public final class CertificateValidator { while (bindingRevocations.hasNext()) { PGPSignature revocation = bindingRevocations.next(); try { - if (SignatureValidator.verifySubkeyBindingRevocation(revocation, primaryKey, signingSubkey, policy, signature.getCreationTime())) { + if (SignatureVerifier.verifySubkeyBindingRevocation(revocation, primaryKey, signingSubkey, policy, signature.getCreationTime())) { subkeySigs.add(revocation); } } catch (SignatureValidationException e) { @@ -188,7 +186,7 @@ public final class CertificateValidator { while (bindingSigs.hasNext()) { PGPSignature bindingSig = bindingSigs.next(); try { - if (SignatureValidator.verifySubkeyBindingSignature(bindingSig, primaryKey, signingSubkey, policy, signature.getCreationTime())) { + if (SignatureVerifier.verifySubkeyBindingSignature(bindingSig, primaryKey, signingSubkey, policy, signature.getCreationTime())) { subkeySigs.add(bindingSig); } } catch (SignatureValidationException e) { @@ -244,7 +242,7 @@ public final class CertificateValidator { throws SignatureValidationException { validateCertificate(signature, signingKeyRing, policy); long keyId = SignatureUtils.determineIssuerKeyId(signature); - return SignatureValidator.verifyUninitializedSignature(signature, signedData, signingKeyRing.getPublicKey(keyId), policy, validationDate); + return SignatureVerifier.verifyUninitializedSignature(signature, signedData, signingKeyRing.getPublicKey(keyId), policy, validationDate); } /** @@ -262,10 +260,19 @@ public final class CertificateValidator { validateCertificate(signature, verificationKeys, policy); long keyId = SignatureUtils.determineIssuerKeyId(signature); PGPPublicKey signingKey = verificationKeys.getPublicKey(keyId); - SignatureValidator.verifyInitializedSignature(signature, signingKey, policy, signature.getCreationTime()); + SignatureVerifier.verifyInitializedSignature(signature, signingKey, policy, signature.getCreationTime()); return true; } + /** + * Validate the signing key certificate and the given {@link OnePassSignature}. + * + * @param signature OpenPGP signature from the signed message + * @param onePassSignature corresponding one-pass-signature + * @param policy policy + * @return true if the certificate is valid and the signature is correct, false otherwise. + * @throws SignatureValidationException in case of a validation error + */ public static boolean validateCertificateAndVerifyOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy) throws SignatureValidationException { validateCertificate(signature, onePassSignature.getVerificationKeys(), policy); diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/SignaturePicker.java b/pgpainless-core/src/main/java/org/pgpainless/signature/SignaturePicker.java index 6f73d9b0..0592fe97 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignaturePicker.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignaturePicker.java @@ -63,7 +63,7 @@ public final class SignaturePicker { for (PGPSignature signature : signatures) { try { - SignatureValidator.verifyKeyRevocationSignature(signature, primaryKey, policy, validationDate); + SignatureVerifier.verifyKeyRevocationSignature(signature, primaryKey, policy, validationDate); } catch (SignatureValidationException e) { // Signature is not valid continue; @@ -102,7 +102,7 @@ public final class SignaturePicker { PGPSignature mostRecentDirectKeySigBySigningKey = null; for (PGPSignature signature : directKeySignatures) { try { - SignatureValidator.verifyDirectKeySignature(signature, signingKey, signedKey, policy, validationDate); + SignatureVerifier.verifyDirectKeySignature(signature, signingKey, signedKey, policy, validationDate); } catch (SignatureValidationException e) { // Direct key sig is not valid continue; @@ -180,7 +180,7 @@ public final class SignaturePicker { PGPSignature latestUserIdRevocation = null; for (PGPSignature signature : signatures) { try { - SignatureValidator.verifyUserIdRevocation(userId, signature, primaryKey, policy, validationDate); + SignatureVerifier.verifyUserIdRevocation(userId, signature, primaryKey, policy, validationDate); } catch (SignatureValidationException e) { // User-id revocation is not valid continue; @@ -211,7 +211,7 @@ public final class SignaturePicker { PGPSignature mostRecentUserIdCertification = null; for (PGPSignature signature : signatures) { try { - SignatureValidator.verifyUserIdCertification(userId, signature, primaryKey, policy, validationDate); + SignatureVerifier.verifyUserIdCertification(userId, signature, primaryKey, policy, validationDate); } catch (SignatureValidationException e) { // User-id certification is not valid continue; @@ -243,7 +243,7 @@ public final class SignaturePicker { PGPSignature latestUserIdCert = null; for (PGPSignature signature : signatures) { try { - SignatureValidator.verifyWasPossiblyMadeByKey(primaryKey, signature); + SignatureValidator.wasPossiblyMadeByKey(primaryKey).verify(signature); SignatureValidator.signatureIsCertification().verify(signature); SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); SignatureValidator.signatureIsAlreadyEffective(validationDate).verify(signature); @@ -284,7 +284,7 @@ public final class SignaturePicker { for (PGPSignature signature : signatures) { try { - SignatureValidator.verifySubkeyBindingRevocation(signature, primaryKey, subkey, policy, validationDate); + SignatureVerifier.verifySubkeyBindingRevocation(signature, primaryKey, subkey, policy, validationDate); } catch (SignatureValidationException e) { // subkey binding revocation is not valid continue; @@ -316,7 +316,7 @@ public final class SignaturePicker { for (PGPSignature signature : subkeyBindingSigs) { try { - SignatureValidator.verifySubkeyBindingSignature(signature, primaryKey, subkey, policy, validationDate); + SignatureVerifier.verifySubkeyBindingSignature(signature, primaryKey, subkey, policy, validationDate); } catch (SignatureValidationException validationException) { // Subkey binding sig is not valid continue; diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java index 14fa3ce7..f6c8dec1 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java @@ -15,8 +15,6 @@ */ package org.pgpainless.signature; -import java.io.IOException; -import java.io.InputStream; import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.Date; @@ -48,456 +46,48 @@ import org.pgpainless.util.BCUtil; import org.pgpainless.util.DateUtil; import org.pgpainless.util.NotationRegistry; +/** + * A collection of validators that perform validation steps over signatures. + */ public abstract class SignatureValidator { public abstract void verify(PGPSignature signature) throws SignatureValidationException; - /** - * Initialize a signature and verify it afterwards by updating it with the signed data. - * - * @param signature OpenPGP signature - * @param signedData input stream containing the signed data - * @param signingKey the key that created the signature - * @param policy policy - * @param validationDate reference date of signature verification - * @return true if the signature is successfully verified - * - * @throws SignatureValidationException if the signature verification fails for some reason - */ - public static boolean verifyUninitializedSignature(PGPSignature signature, InputStream signedData, PGPPublicKey signingKey, Policy policy, Date validationDate) throws SignatureValidationException { - initializeSignatureAndUpdateWithSignedData(signature, signedData, signingKey); - return verifyInitializedSignature(signature, signingKey, policy, validationDate); - } - - /** - * Initialize a signature and then update it with the signed data from the given {@link InputStream}. - * - * @param signature OpenPGP signature - * @param signedData input stream containing signed data - * @param signingKey key that created the signature - * - * @throws SignatureValidationException in case the signature cannot be verified for some reason - */ - public static void initializeSignatureAndUpdateWithSignedData(PGPSignature signature, InputStream signedData, PGPPublicKey signingKey) - throws SignatureValidationException { - try { - signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey); - int read; - byte[] buf = new byte[8192]; - while ((read = signedData.read(buf)) != -1) { - signature.update(buf, 0, read); - } - } catch (PGPException e) { - throw new SignatureValidationException("Cannot init signature.", e); - } catch (IOException e) { - throw new SignatureValidationException("Cannot update signature.", e); - } - } - - /** - * Verify an initialized signature. - * An initialized signature was already updated with the signed data. - * - * @param signature OpenPGP signature - * @param signingKey key that created the signature - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if signature is verified successfully - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyInitializedSignature(PGPSignature signature, PGPPublicKey signingKey, Policy policy, Date validationDate) - throws SignatureValidationException { - verifyWasPossiblyMadeByKey(signingKey, signature); - signatureStructureIsAcceptable(signingKey, policy).verify(signature); - signatureIsEffective(validationDate).verify(signature); - - try { - if (!signature.verify()) { - throw new SignatureValidationException("Signature is not correct."); - } - return true; - } catch (PGPException e) { - throw new SignatureValidationException("Could not verify signature correctness.", e); - } - } - - public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, OnePassSignature onePassSignature, Policy policy) - throws SignatureValidationException { - try { - verifyWasPossiblyMadeByKey(signingKey, signature); - signatureStructureIsAcceptable(signingKey, policy).verify(signature); - signatureIsEffective().verify(signature); - } catch (SignatureValidationException e) { - throw new SignatureValidationException("Signature is not valid: " + e.getMessage(), e); - } - - try { - if (!onePassSignature.verify(signature)) { - throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID())); - } - } catch (PGPException e) { - throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e); - } - - return true; - } - - /** - * Verify a signature (certification or revocation) over a user-id. - * - * @param userId user-id - * @param signature self-signature - * @param primaryKey primary key that created the signature - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the signature is successfully verified - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) - throws SignatureValidationException { - return verifySignatureOverUserId(userId, signature, primaryKey, primaryKey, policy, validationDate); - } - - /** - * Verify a signature (certification or revocation) over a user-id. - * - * @param userId user-id - * @param signature certification signature - * @param signingKey key that created the certification - * @param keyWithUserId key carrying the user-id - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if signature verification is successful - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate) - throws SignatureValidationException { - SignatureType type = SignatureType.valueOf(signature.getSignatureType()); - switch (type) { - case GENERIC_CERTIFICATION: - case NO_CERTIFICATION: - case CASUAL_CERTIFICATION: - case POSITIVE_CERTIFICATION: - return verifyUserIdCertification(userId, signature, signingKey, keyWithUserId, policy, validationDate); - case CERTIFICATION_REVOCATION: - return verifyUserIdRevocation(userId, signature, signingKey, keyWithUserId, policy, validationDate); - default: - throw new SignatureValidationException("Signature is not a valid user-id certification/revocation signature: " + type); - } - } - /** * Check, whether there is the possibility that the given signature was created by the given key. - * This method throws a {@link SignatureValidationException} if we can say with certainty that the signature + * {@link #verify(PGPSignature)} throws a {@link SignatureValidationException} if we can say with certainty that the signature * was not created by the given key (e.g. if the sig carries another issuer, issuer fingerprint packet). * * If there is no information found in the signature about who created it (no issuer, no fingerprint), - * return true since it is plausible that the given key created the sig. + * {@link #verify(PGPSignature)} will simply return since it is plausible that the given key created the sig. * * @param signingKey signing key - * @param signature signature - * @return true only if the signing key either created the signature or the signature doesn't carry signer information - * @throws SignatureValidationException if the sig was not created by the key + * @return validator that throws a {@link SignatureValidationException} if the signature was not possibly made by the given key. */ - public static boolean verifyWasPossiblyMadeByKey(PGPPublicKey signingKey, PGPSignature signature) throws SignatureValidationException { - OpenPgpV4Fingerprint signingKeyFingerprint = new OpenPgpV4Fingerprint(signingKey); + public static SignatureValidator wasPossiblyMadeByKey(PGPPublicKey signingKey) { + return new SignatureValidator() { + @Override + public void verify(PGPSignature signature) throws SignatureValidationException { + OpenPgpV4Fingerprint signingKeyFingerprint = new OpenPgpV4Fingerprint(signingKey); - Long issuer = SignatureSubpacketsUtil.getIssuerKeyIdAsLong(signature); - if (issuer != null) { - if (issuer != signingKey.getKeyID()) { - throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature issuer: " + Long.toHexString(issuer) + ")"); - } else { - return true; + Long issuer = SignatureSubpacketsUtil.getIssuerKeyIdAsLong(signature); + if (issuer != null) { + if (issuer != signingKey.getKeyID()) { + throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature issuer: " + Long.toHexString(issuer) + ")"); + } + } + + OpenPgpV4Fingerprint fingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpV4Fingerprint(signature); + if (fingerprint != null) { + if (!fingerprint.equals(signingKeyFingerprint)) { + throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature fingerprint: " + fingerprint + ")"); + } + } + + // No issuer information found, so we cannot rule out that we did not create the sig } - } + }; - OpenPgpV4Fingerprint fingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpV4Fingerprint(signature); - if (fingerprint != null) { - if (!fingerprint.equals(signingKeyFingerprint)) { - throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature fingerprint: " + fingerprint + ")"); - } else { - return true; - } - } - - // No issuer information found, so we cannot rule out that we did not create the sig - return true; - } - - /** - * Verify a certification self-signature over a user-id. - * - * @param userId user-id - * @param signature certification signature - * @param primaryKey primary key - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the self-signature is verified successfully - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) - throws SignatureValidationException { - return verifyUserIdCertification(userId, signature, primaryKey, primaryKey, policy, validationDate); - } - - /** - * Verify a user-id certification. - * - * @param userId user-id - * @param signature certification signature - * @param signingKey key that created the certification - * @param keyWithUserId primary key that carries the user-id - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if signature verification is successful - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate) - throws SignatureValidationException { - signatureIsCertification().verify(signature); - signatureStructureIsAcceptable(signingKey, policy).verify(signature); - signatureIsEffective(validationDate).verify(signature); - correctSignatureOverUserId(userId, keyWithUserId, signingKey).verify(signature); - - return true; - } - - /** - * Verify a user-id revocation self-signature. - * - * @param userId user-id - * @param signature user-id revocation signature - * @param primaryKey primary key - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the user-id revocation signature is successfully verified - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) - throws SignatureValidationException { - return verifyUserIdRevocation(userId, signature, primaryKey, primaryKey, policy, validationDate); - } - - /** - * Verify a user-id revocation signature. - * - * @param userId user-id - * @param signature revocation signature - * @param signingKey key that created the revocation signature - * @param keyWithUserId primary key carrying the user-id - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the user-id revocation signature is successfully verified - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate) - throws SignatureValidationException { - signatureIsOfType(SignatureType.CERTIFICATION_REVOCATION).verify(signature); - signatureStructureIsAcceptable(signingKey, policy).verify(signature); - signatureIsEffective(validationDate).verify(signature); - correctSignatureOverUserId(userId, keyWithUserId, signingKey).verify(signature); - - return true; - } - - /** - * Verify a certification self-signature over a user-attributes packet. - * - * @param userAttributes user attributes - * @param signature certification self-signature - * @param primaryKey primary key that carries the user-attributes - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the signature can be verified successfully - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyUserAttributesCertification(PGPUserAttributeSubpacketVector userAttributes, - PGPSignature signature, PGPPublicKey primaryKey, - Policy policy, Date validationDate) - throws SignatureValidationException { - return verifyUserAttributesCertification(userAttributes, signature, primaryKey, primaryKey, policy, validationDate); - } - - /** - * Verify a certification signature over a user-attributes packet. - * - * @param userAttributes user attributes - * @param signature certification signature - * @param signingKey key that created the user-attributes certification - * @param keyWithUserAttributes key that carries the user-attributes certification - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the signature can be verified successfully - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyUserAttributesCertification(PGPUserAttributeSubpacketVector userAttributes, - PGPSignature signature, PGPPublicKey signingKey, - PGPPublicKey keyWithUserAttributes, Policy policy, - Date validationDate) - throws SignatureValidationException { - signatureIsCertification().verify(signature); - signatureStructureIsAcceptable(signingKey, policy).verify(signature); - signatureIsEffective(validationDate).verify(signature); - correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey).verify(signature); - - return true; - } - - /** - * Verify a user-attributes revocation self-signature. - * - * @param userAttributes user-attributes - * @param signature user-attributes revocation signature - * @param primaryKey primary key that carries the user-attributes - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the revocation signature can be verified successfully - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyUserAttributesRevocation(PGPUserAttributeSubpacketVector userAttributes, - PGPSignature signature, PGPPublicKey primaryKey, - Policy policy, Date validationDate) - throws SignatureValidationException { - return verifyUserAttributesRevocation(userAttributes, signature, primaryKey, primaryKey, policy, validationDate); - } - - /** - * Verify a user-attributes revocation signature. - * - * @param userAttributes user-attributes - * @param signature revocation signature - * @param signingKey revocation key - * @param keyWithUserAttributes key that carries the user-attributes - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the revocation signature can be verified successfully - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyUserAttributesRevocation(PGPUserAttributeSubpacketVector userAttributes, - PGPSignature signature, PGPPublicKey signingKey, - PGPPublicKey keyWithUserAttributes, Policy policy, - Date validationDate) - throws SignatureValidationException { - signatureIsOfType(SignatureType.CERTIFICATION_REVOCATION).verify(signature); - signatureStructureIsAcceptable(signingKey, policy).verify(signature); - signatureIsEffective(validationDate).verify(signature); - correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey).verify(signature); - - return true; - } - - /** - * Verify a subkey binding signature. - * - * @param signature binding signature - * @param primaryKey primary key - * @param subkey subkey - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the binding signature can be verified successfully - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifySubkeyBindingSignature(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) - throws SignatureValidationException { - signatureIsOfType(SignatureType.SUBKEY_BINDING).verify(signature); - signatureStructureIsAcceptable(primaryKey, policy).verify(signature); - signatureIsEffective(validationDate).verify(signature); - hasValidPrimaryKeyBindingSignatureIfRequired(primaryKey, subkey, policy, validationDate).verify(signature); - correctSubkeyBindingSignature(primaryKey, subkey).verify(signature); - - return true; - } - - /** - * Verify a subkey revocation signature. - * - * @param signature subkey revocation signature - * @param primaryKey primary key - * @param subkey subkey - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the subkey revocation signature can be verified successfully - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifySubkeyBindingRevocation(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) throws SignatureValidationException { - signatureIsOfType(SignatureType.SUBKEY_REVOCATION).verify(signature); - signatureStructureIsAcceptable(primaryKey, policy).verify(signature); - signatureIsEffective(validationDate).verify(signature); - correctSignatureOverKey(primaryKey, subkey).verify(signature); - - return true; - } - - /** - * Verify a direct-key self-signature. - * - * @param signature signature - * @param primaryKey primary key - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if the signature can be verified successfully - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) - throws SignatureValidationException { - return verifyDirectKeySignature(signature, primaryKey, primaryKey, policy, validationDate); - } - - /** - * Verify a direct-key signature. - * - * @param signature signature - * @param signingKey signing key - * @param signedKey signed key - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if signature verification is successful - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey signedKey, Policy policy, Date validationDate) - throws SignatureValidationException { - signatureIsOfType(SignatureType.DIRECT_KEY).verify(signature); - signatureStructureIsAcceptable(signingKey, policy).verify(signature); - signatureIsEffective(validationDate).verify(signature); - correctSignatureOverKey(signingKey, signedKey).verify(signature); - - return true; - } - - /** - * Verify a key revocation signature. - * - * @param signature signature - * @param primaryKey primary key - * @param policy policy - * @param validationDate reference date for signature verification - * @return true if signature verification is successful - * - * @throws SignatureValidationException if signature verification fails for some reason - */ - public static boolean verifyKeyRevocationSignature(PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) - throws SignatureValidationException { - signatureIsOfType(SignatureType.KEY_REVOCATION).verify(signature); - signatureStructureIsAcceptable(primaryKey, policy).verify(signature); - signatureIsEffective(validationDate).verify(signature); - correctSignatureOverKey(primaryKey, primaryKey).verify(signature); - - return true; } /** @@ -510,7 +100,7 @@ public abstract class SignatureValidator { * @param validationDate reference date for signature verification * @return validator */ - private static SignatureValidator hasValidPrimaryKeyBindingSignatureIfRequired(PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) { + public static SignatureValidator hasValidPrimaryKeyBindingSignatureIfRequired(PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) { return new SignatureValidator() { @Override public void verify(PGPSignature signature) throws SignatureValidationException { diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureVerifier.java b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureVerifier.java new file mode 100644 index 00000000..8f6f79c2 --- /dev/null +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureVerifier.java @@ -0,0 +1,451 @@ +/* + * Copyright 2021 Paul Schaub. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.pgpainless.signature; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Date; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKey; +import org.bouncycastle.openpgp.PGPSignature; +import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector; +import org.pgpainless.algorithm.SignatureType; +import org.pgpainless.exception.SignatureValidationException; +import org.pgpainless.implementation.ImplementationFactory; +import org.pgpainless.policy.Policy; + +/** + * Collection of static methods for signature verification. + * Signature verification entails validation of certain criteria (see {@link SignatureValidator}, as well as + * cryptographic verification of signature correctness. + */ +public final class SignatureVerifier { + + private SignatureVerifier() { + + } + + /** + * Verify a signature (certification or revocation) over a user-id. + * + * @param userId user-id + * @param signature certification signature + * @param signingKey key that created the certification + * @param keyWithUserId key carrying the user-id + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if signature verification is successful + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate) + throws SignatureValidationException { + SignatureType type = SignatureType.valueOf(signature.getSignatureType()); + switch (type) { + case GENERIC_CERTIFICATION: + case NO_CERTIFICATION: + case CASUAL_CERTIFICATION: + case POSITIVE_CERTIFICATION: + return verifyUserIdCertification(userId, signature, signingKey, keyWithUserId, policy, validationDate); + case CERTIFICATION_REVOCATION: + return verifyUserIdRevocation(userId, signature, signingKey, keyWithUserId, policy, validationDate); + default: + throw new SignatureValidationException("Signature is not a valid user-id certification/revocation signature: " + type); + } + } + + /** + * Verify a certification self-signature over a user-id. + * + * @param userId user-id + * @param signature certification signature + * @param primaryKey primary key + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the self-signature is verified successfully + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + throws SignatureValidationException { + return verifyUserIdCertification(userId, signature, primaryKey, primaryKey, policy, validationDate); + } + + /** + * Verify a user-id certification. + * + * @param userId user-id + * @param signature certification signature + * @param signingKey key that created the certification + * @param keyWithUserId primary key that carries the user-id + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if signature verification is successful + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate) + throws SignatureValidationException { + SignatureValidator.signatureIsCertification().verify(signature); + SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); + SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.correctSignatureOverUserId(userId, keyWithUserId, signingKey).verify(signature); + + return true; + } + + /** + * Verify a user-id revocation self-signature. + * + * @param userId user-id + * @param signature user-id revocation signature + * @param primaryKey primary key + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the user-id revocation signature is successfully verified + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + throws SignatureValidationException { + return verifyUserIdRevocation(userId, signature, primaryKey, primaryKey, policy, validationDate); + } + + /** + * Verify a user-id revocation signature. + * + * @param userId user-id + * @param signature revocation signature + * @param signingKey key that created the revocation signature + * @param keyWithUserId primary key carrying the user-id + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the user-id revocation signature is successfully verified + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate) + throws SignatureValidationException { + SignatureValidator.signatureIsOfType(SignatureType.CERTIFICATION_REVOCATION).verify(signature); + SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); + SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.correctSignatureOverUserId(userId, keyWithUserId, signingKey).verify(signature); + + return true; + } + + /** + * Verify a certification self-signature over a user-attributes packet. + * + * @param userAttributes user attributes + * @param signature certification self-signature + * @param primaryKey primary key that carries the user-attributes + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the signature can be verified successfully + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyUserAttributesCertification(PGPUserAttributeSubpacketVector userAttributes, + PGPSignature signature, PGPPublicKey primaryKey, + Policy policy, Date validationDate) + throws SignatureValidationException { + return verifyUserAttributesCertification(userAttributes, signature, primaryKey, primaryKey, policy, validationDate); + } + + /** + * Verify a certification signature over a user-attributes packet. + * + * @param userAttributes user attributes + * @param signature certification signature + * @param signingKey key that created the user-attributes certification + * @param keyWithUserAttributes key that carries the user-attributes certification + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the signature can be verified successfully + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyUserAttributesCertification(PGPUserAttributeSubpacketVector userAttributes, + PGPSignature signature, PGPPublicKey signingKey, + PGPPublicKey keyWithUserAttributes, Policy policy, + Date validationDate) + throws SignatureValidationException { + SignatureValidator.signatureIsCertification().verify(signature); + SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); + SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey).verify(signature); + + return true; + } + + /** + * Verify a user-attributes revocation self-signature. + * + * @param userAttributes user-attributes + * @param signature user-attributes revocation signature + * @param primaryKey primary key that carries the user-attributes + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the revocation signature can be verified successfully + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyUserAttributesRevocation(PGPUserAttributeSubpacketVector userAttributes, + PGPSignature signature, PGPPublicKey primaryKey, + Policy policy, Date validationDate) + throws SignatureValidationException { + return verifyUserAttributesRevocation(userAttributes, signature, primaryKey, primaryKey, policy, validationDate); + } + + /** + * Verify a user-attributes revocation signature. + * + * @param userAttributes user-attributes + * @param signature revocation signature + * @param signingKey revocation key + * @param keyWithUserAttributes key that carries the user-attributes + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the revocation signature can be verified successfully + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyUserAttributesRevocation(PGPUserAttributeSubpacketVector userAttributes, + PGPSignature signature, PGPPublicKey signingKey, + PGPPublicKey keyWithUserAttributes, Policy policy, + Date validationDate) + throws SignatureValidationException { + SignatureValidator.signatureIsOfType(SignatureType.CERTIFICATION_REVOCATION).verify(signature); + SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); + SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey).verify(signature); + + return true; + } + + /** + * Verify a subkey binding signature. + * + * @param signature binding signature + * @param primaryKey primary key + * @param subkey subkey + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the binding signature can be verified successfully + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifySubkeyBindingSignature(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) + throws SignatureValidationException { + SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_BINDING).verify(signature); + SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); + SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.hasValidPrimaryKeyBindingSignatureIfRequired(primaryKey, subkey, policy, validationDate).verify(signature); + SignatureValidator.correctSubkeyBindingSignature(primaryKey, subkey).verify(signature); + + return true; + } + + /** + * Verify a subkey revocation signature. + * + * @param signature subkey revocation signature + * @param primaryKey primary key + * @param subkey subkey + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the subkey revocation signature can be verified successfully + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifySubkeyBindingRevocation(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) throws SignatureValidationException { + SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_REVOCATION).verify(signature); + SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); + SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.correctSignatureOverKey(primaryKey, subkey).verify(signature); + + return true; + } + + /** + * Verify a direct-key self-signature. + * + * @param signature signature + * @param primaryKey primary key + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the signature can be verified successfully + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + throws SignatureValidationException { + return verifyDirectKeySignature(signature, primaryKey, primaryKey, policy, validationDate); + } + + /** + * Verify a direct-key signature. + * + * @param signature signature + * @param signingKey signing key + * @param signedKey signed key + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if signature verification is successful + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey signedKey, Policy policy, Date validationDate) + throws SignatureValidationException { + SignatureValidator.signatureIsOfType(SignatureType.DIRECT_KEY).verify(signature); + SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); + SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.correctSignatureOverKey(signingKey, signedKey).verify(signature); + + return true; + } + + /** + * Verify a key revocation signature. + * + * @param signature signature + * @param primaryKey primary key + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if signature verification is successful + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyKeyRevocationSignature(PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + throws SignatureValidationException { + SignatureValidator.signatureIsOfType(SignatureType.KEY_REVOCATION).verify(signature); + SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); + SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.correctSignatureOverKey(primaryKey, primaryKey).verify(signature); + + return true; + } + + /** + * Initialize a signature and verify it afterwards by updating it with the signed data. + * + * @param signature OpenPGP signature + * @param signedData input stream containing the signed data + * @param signingKey the key that created the signature + * @param policy policy + * @param validationDate reference date of signature verification + * @return true if the signature is successfully verified + * + * @throws SignatureValidationException if the signature verification fails for some reason + */ + public static boolean verifyUninitializedSignature(PGPSignature signature, InputStream signedData, PGPPublicKey signingKey, Policy policy, Date validationDate) throws SignatureValidationException { + initializeSignatureAndUpdateWithSignedData(signature, signedData, signingKey); + return verifyInitializedSignature(signature, signingKey, policy, validationDate); + } + + /** + * Initialize a signature and then update it with the signed data from the given {@link InputStream}. + * + * @param signature OpenPGP signature + * @param signedData input stream containing signed data + * @param signingKey key that created the signature + * + * @throws SignatureValidationException in case the signature cannot be verified for some reason + */ + public static void initializeSignatureAndUpdateWithSignedData(PGPSignature signature, InputStream signedData, PGPPublicKey signingKey) + throws SignatureValidationException { + try { + signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey); + int read; + byte[] buf = new byte[8192]; + while ((read = signedData.read(buf)) != -1) { + signature.update(buf, 0, read); + } + } catch (PGPException e) { + throw new SignatureValidationException("Cannot init signature.", e); + } catch (IOException e) { + throw new SignatureValidationException("Cannot update signature.", e); + } + } + + /** + * Verify an initialized signature. + * An initialized signature was already updated with the signed data. + * + * @param signature OpenPGP signature + * @param signingKey key that created the signature + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if signature is verified successfully + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifyInitializedSignature(PGPSignature signature, PGPPublicKey signingKey, Policy policy, Date validationDate) + throws SignatureValidationException { + SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature); + SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); + SignatureValidator.signatureIsEffective(validationDate).verify(signature); + + try { + if (!signature.verify()) { + throw new SignatureValidationException("Signature is not correct."); + } + return true; + } catch (PGPException e) { + throw new SignatureValidationException("Could not verify signature correctness.", e); + } + } + + public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, OnePassSignature onePassSignature, Policy policy) + throws SignatureValidationException { + try { + SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature); + SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); + SignatureValidator.signatureIsEffective().verify(signature); + } catch (SignatureValidationException e) { + throw new SignatureValidationException("Signature is not valid: " + e.getMessage(), e); + } + + try { + if (!onePassSignature.verify(signature)) { + throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID())); + } + } catch (PGPException e) { + throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e); + } + + return true; + } + + /** + * Verify a signature (certification or revocation) over a user-id. + * + * @param userId user-id + * @param signature self-signature + * @param primaryKey primary key that created the signature + * @param policy policy + * @param validationDate reference date for signature verification + * @return true if the signature is successfully verified + * + * @throws SignatureValidationException if signature verification fails for some reason + */ + public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + throws SignatureValidationException { + return verifySignatureOverUserId(userId, signature, primaryKey, primaryKey, policy, validationDate); + } +} diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureWasPossibleyMadeByKeyTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureWasPossiblyMadeByKeyTest.java similarity index 91% rename from pgpainless-core/src/test/java/org/pgpainless/signature/SignatureWasPossibleyMadeByKeyTest.java rename to pgpainless-core/src/test/java/org/pgpainless/signature/SignatureWasPossiblyMadeByKeyTest.java index da688f81..a7485f3b 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureWasPossibleyMadeByKeyTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureWasPossiblyMadeByKeyTest.java @@ -16,7 +16,6 @@ package org.pgpainless.signature; import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.fail; import java.io.IOException; @@ -30,7 +29,7 @@ import org.pgpainless.PGPainless; import org.pgpainless.exception.SignatureValidationException; import org.pgpainless.key.OpenPgpV4Fingerprint; -public class SignatureWasPossibleyMadeByKeyTest { +public class SignatureWasPossiblyMadeByKeyTest { public static PGPPublicKeyRing CERT; public static PGPPublicKey SIGKEY; @@ -103,7 +102,7 @@ public class SignatureWasPossibleyMadeByKeyTest { "cqP71SMuOwD+JNuWQCd4e1WaTWNXrB1xerzmuWFc\n" + "=4ZFC\n" + "-----END PGP SIGNATURE-----"; - assertTrue(SignatureValidator.verifyWasPossiblyMadeByKey(SIGKEY, get(sigWithIssuer))); + assertWasPossiblyMadeByKey(SIGKEY, get(sigWithIssuer)); } @Test @@ -123,7 +122,7 @@ public class SignatureWasPossibleyMadeByKeyTest { "Q0Quxar3DOTtNNQVrXeoeIlVGue0pNCwg6abDj5N\n" + "=IcX1\n" + "-----END PGP SIGNATURE-----\n"; - assertTrue(SignatureValidator.verifyWasPossiblyMadeByKey(SIGKEY, get(sigWithHashedIssuer))); + assertWasPossiblyMadeByKey(SIGKEY, get(sigWithHashedIssuer)); } @Test @@ -144,7 +143,7 @@ public class SignatureWasPossibleyMadeByKeyTest { "-----END PGP SIGNATURE-----"; - assertTrue(SignatureValidator.verifyWasPossiblyMadeByKey(SIGKEY, get(sigWithNoIssuerNoFingerprint))); + assertWasPossiblyMadeByKey(SIGKEY, get(sigWithNoIssuerNoFingerprint)); } @Test @@ -165,11 +164,11 @@ public class SignatureWasPossibleyMadeByKeyTest { "=LBou\n" + "-----END PGP SIGNATURE-----\n"; - assertTrue(SignatureValidator.verifyWasPossiblyMadeByKey(SIGKEY, get(sigWithNoIssuerUnhashedFingerprint))); + assertWasPossiblyMadeByKey(SIGKEY, get(sigWithNoIssuerUnhashedFingerprint)); } @Test - public void issuerMismatch() { + public void issuerMismatch() throws PGPException, IOException { String sig = "-----BEGIN PGP SIGNATURE-----\n" + "\n" + "wsE7BAABCABlBYJgyf21RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEt\n" + @@ -185,11 +184,11 @@ public class SignatureWasPossibleyMadeByKeyTest { "cqP71SMuOwD+JNuWQCd4e1WaTWNXrB1xerzmuWFc\n" + "=4ZFC\n" + "-----END PGP SIGNATURE-----"; - assertThrows(SignatureValidationException.class, () -> SignatureValidator.verifyWasPossiblyMadeByKey(NOSIGKEY, get(sig))); + assertWasNotPossiblyMadeByKey(NOSIGKEY, get(sig)); } @Test - public void noIssuer_fingerprintMismatch() { + public void noIssuer_fingerprintMismatch() throws PGPException, IOException { String sigWithNoIssuerAndWrongFingerprint = "-----BEGIN PGP SIGNATURE-----\n" + "\n" + "wsExBAABCABlBYJgyf21RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEt\n" + @@ -206,10 +205,19 @@ public class SignatureWasPossibleyMadeByKeyTest { "=A/zE\n" + "-----END PGP SIGNATURE-----\n"; - assertThrows(SignatureValidationException.class, () -> SignatureValidator.verifyWasPossiblyMadeByKey(NOSIGKEY, get(sigWithNoIssuerAndWrongFingerprint))); + assertWasNotPossiblyMadeByKey(NOSIGKEY, get(sigWithNoIssuerAndWrongFingerprint)); } private PGPSignature get(String encoded) throws PGPException, IOException { return SignatureUtils.readSignatures(encoded).get(0); } + + private void assertWasPossiblyMadeByKey(PGPPublicKey signatureKey, PGPSignature signature) throws SignatureValidationException { + SignatureValidator.wasPossiblyMadeByKey(signatureKey).verify(signature); + } + + private void assertWasNotPossiblyMadeByKey(PGPPublicKey signatureKey, PGPSignature signature) { + assertThrows(SignatureValidationException.class, () -> assertWasPossiblyMadeByKey(signatureKey, signature)); + } + }