Add isAuthenticatablySignedBy() to MessageMetadata

2024-11-17 18:02:05 +01:00 · 2023-07-21 17:30:11 +02:00 · 2023-07-21 17:30:11 +02:00 · 6ac019a420
commit 6ac019a420
parent 44690d063c
1 changed files with 35 additions and 0 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MessageMetadata.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MessageMetadata.java
@ -18,6 +18,8 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.pgpainless.algorithm.CompressionAlgorithm;
 import org.pgpainless.algorithm.StreamEncoding;
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
+import org.pgpainless.authentication.CertificateAuthenticity;
+import org.pgpainless.authentication.CertificateAuthority;
 import org.pgpainless.exception.MalformedOpenPgpMessageException;
 import org.pgpainless.key.SubkeyIdentifier;
 import org.pgpainless.util.SessionKey;
@ -92,6 +94,39 @@ public class MessageMetadata {
        return false;
    }

+    /**
+     * Return true, if the message was signed by a certificate for which we can authenticate a binding to the given userId.
+     *
+     * @param userId userId
+     * @param email if true, treat the user-id as an email address and match all userIDs containing this address
+     * @param certificateAuthority certificate authority
+     * @return true, if we can authenticate a binding for a signing key with sufficient evidence
+     */
+    public boolean isAuthenticatablySignedBy(String userId, boolean email, CertificateAuthority certificateAuthority) {
+        return isAuthenticatablySignedBy(userId, email, certificateAuthority, 120);
+    }
+
+    /**
+     * Return true, if the message was signed by a certificate for which we can authenticate a binding to the given userId.
+     *
+     * @param userId userId
+     * @param email if true, treat the user-id as an email address and match all userIDs containing this address
+     * @param certificateAuthority certificate authority
+     * @param targetAmount target trust amount
+     * @return true, if we can authenticate a binding for a signing key with sufficient evidence
+     */
+    public boolean isAuthenticatablySignedBy(String userId, boolean email, CertificateAuthority certificateAuthority, int targetAmount) {
+        for (SignatureVerification verification : getVerifiedSignatures()) {
+            CertificateAuthenticity authenticity = certificateAuthority.authenticateBinding(
+                    verification.getSigningKey().getFingerprint(), userId, email,
+                    verification.getSignature().getCreationTime(), targetAmount);
+            if (authenticity.isAuthenticated()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
    /**
     * Return a list containing all recipient keyIDs.
     *