1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-18 02:12:06 +01:00

Add isAuthenticatablySignedBy() to MessageMetadata

This commit is contained in:
Paul Schaub 2023-07-21 17:30:11 +02:00
parent 44690d063c
commit 6ac019a420
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -18,6 +18,8 @@ import org.bouncycastle.openpgp.PGPPublicKey;
import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.StreamEncoding;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.authentication.CertificateAuthenticity;
import org.pgpainless.authentication.CertificateAuthority;
import org.pgpainless.exception.MalformedOpenPgpMessageException;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.util.SessionKey;
@ -92,6 +94,39 @@ public class MessageMetadata {
return false;
}
/**
* Return true, if the message was signed by a certificate for which we can authenticate a binding to the given userId.
*
* @param userId userId
* @param email if true, treat the user-id as an email address and match all userIDs containing this address
* @param certificateAuthority certificate authority
* @return true, if we can authenticate a binding for a signing key with sufficient evidence
*/
public boolean isAuthenticatablySignedBy(String userId, boolean email, CertificateAuthority certificateAuthority) {
return isAuthenticatablySignedBy(userId, email, certificateAuthority, 120);
}
/**
* Return true, if the message was signed by a certificate for which we can authenticate a binding to the given userId.
*
* @param userId userId
* @param email if true, treat the user-id as an email address and match all userIDs containing this address
* @param certificateAuthority certificate authority
* @param targetAmount target trust amount
* @return true, if we can authenticate a binding for a signing key with sufficient evidence
*/
public boolean isAuthenticatablySignedBy(String userId, boolean email, CertificateAuthority certificateAuthority, int targetAmount) {
for (SignatureVerification verification : getVerifiedSignatures()) {
CertificateAuthenticity authenticity = certificateAuthority.authenticateBinding(
verification.getSigningKey().getFingerprint(), userId, email,
verification.getSignature().getCreationTime(), targetAmount);
if (authenticity.isAuthenticated()) {
return true;
}
}
return false;
}
/**
* Return a list containing all recipient keyIDs.
*