From 6ac019a42088eb71291f484da9727767ac49b13c Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Fri, 21 Jul 2023 17:30:11 +0200
Subject: [PATCH] Add isAuthenticatablySignedBy() to MessageMetadata

---
 .../MessageMetadata.java | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MessageMetadata.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MessageMetadata.java
index 146c165d..4b55f268 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MessageMetadata.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MessageMetadata.java
@@ -18,6 +18,8 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.pgpainless.algorithm.CompressionAlgorithm;
 import org.pgpainless.algorithm.StreamEncoding;
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
+import org.pgpainless.authentication.CertificateAuthenticity;
+import org.pgpainless.authentication.CertificateAuthority;
 import org.pgpainless.exception.MalformedOpenPgpMessageException;
 import org.pgpainless.key.SubkeyIdentifier;
 import org.pgpainless.util.SessionKey;
@@ -92,6 +94,39 @@ public class MessageMetadata {
         return false;
     }
 
+    /**
+     * Return true, if the message was signed by a certificate for which we can authenticate a binding to the given userId.
+     *
+     * @param userId userId
+     * @param email if true, treat the user-id as an email address and match all userIDs containing this address
+     * @param certificateAuthority certificate authority
+     * @return true, if we can authenticate a binding for a signing key with sufficient evidence
+     */
+    public boolean isAuthenticatablySignedBy(String userId, boolean email, CertificateAuthority certificateAuthority) {
+        return isAuthenticatablySignedBy(userId, email, certificateAuthority, 120);
+    }
+
+    /**
+     * Return true, if the message was signed by a certificate for which we can authenticate a binding to the given userId.
+     *
+     * @param userId userId
+     * @param email if true, treat the user-id as an email address and match all userIDs containing this address
+     * @param certificateAuthority certificate authority
+     * @param targetAmount target trust amount
+     * @return true, if we can authenticate a binding for a signing key with sufficient evidence
+     */
+    public boolean isAuthenticatablySignedBy(String userId, boolean email, CertificateAuthority certificateAuthority, int targetAmount) {
+        for (SignatureVerification verification : getVerifiedSignatures()) {
+            CertificateAuthenticity authenticity = certificateAuthority.authenticateBinding(
+                    verification.getSigningKey().getFingerprint(), userId, email,
+                    verification.getSignature().getCreationTime(), targetAmount);
+            if (authenticity.isAuthenticated()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     /**
      * Return a list containing all recipient keyIDs.
      *
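Review bot: The three-argument overload hard-codes the target trust amount as the bare literal `120` and its Javadoc never mentions that default, while the four-argument overload documents the parameter only as `@param targetAmount target trust amount`, so a caller cannot tell what scale is meant or why 120 was chosen. Suggest hoisting the value into `private static final int DEFAULT_TARGET_AMOUNT = 120;` with a comment that 120 is the amount conventionally treated as a fully authenticated binding in web-of-trust trust-amount terms, and documenting `targetAmount` as the minimum amount of evidence the certificate authority must accumulate for the binding to count. The four-argument method should also reject a missing authority up front with `Objects.requireNonNull(certificateAuthority, "certificateAuthority");` (adding the `java.util.Objects` import) instead of failing only once the first verified signature is examined, and the Javadoc should state that the binding is evaluated at each signature's creation time, not at the time of the call. The lookup is keyed on `verification.getSigningKey().getFingerprint()`, which presumably has to be the certificate's primary-key fingerprint for the authority to find the binding; worth confirming against `SubkeyIdentifier` and documenting on the method. The enclosing class continues outside the hunk.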