From 7e0b1b344c1aee0af35a6b997b369f1a92ef1aa1 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 24 Jun 2022 12:47:35 +0200 Subject: [PATCH] s/{validation|evaluation}Date/referenceTime/g --- .../org/pgpainless/key/info/KeyRingInfo.java | 20 +-- .../consumer/SignatureValidator.java | 136 +++++++++++------ .../signature/consumer/SignatureVerifier.java | 141 ++++++++++-------- 3 files changed, 179 insertions(+), 118 deletions(-) diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java b/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java index 9d761e38..7999b592 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java @@ -56,7 +56,7 @@ public class KeyRingInfo { private final PGPKeyRing keys; private final Signatures signatures; - private final Date evaluationDate; + private final Date referenceDate; private final String primaryUserId; /** @@ -99,7 +99,7 @@ public class KeyRingInfo { public KeyRingInfo(PGPKeyRing keys, Policy policy, Date validationDate) { this.keys = keys; this.signatures = new Signatures(keys, validationDate, policy); - this.evaluationDate = validationDate; + this.referenceDate = validationDate; this.primaryUserId = findPrimaryUserId(); } @@ -413,7 +413,7 @@ public class KeyRingInfo { } if (certification.getHashedSubPackets().isPrimaryUserID()) { Date keyExpiration = SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(certification, keys.getPublicKey()); - if (keyExpiration != null && evaluationDate.after(keyExpiration)) { + if (keyExpiration != null && referenceDate.after(keyExpiration)) { return false; } } @@ -1097,9 +1097,9 @@ public class KeyRingInfo { private final Map subkeyRevocations; private final Map subkeyBindings; - public Signatures(PGPKeyRing keyRing, Date evaluationDate, Policy policy) { - primaryKeyRevocation = SignaturePicker.pickCurrentRevocationSelfSignature(keyRing, policy, evaluationDate); - primaryKeySelfSignature = SignaturePicker.pickLatestDirectKeySignature(keyRing, policy, evaluationDate); + public Signatures(PGPKeyRing keyRing, Date referenceDate, Policy policy) { + primaryKeyRevocation = SignaturePicker.pickCurrentRevocationSelfSignature(keyRing, policy, referenceDate); + primaryKeySelfSignature = SignaturePicker.pickLatestDirectKeySignature(keyRing, policy, referenceDate); userIdRevocations = new HashMap<>(); userIdCertifications = new HashMap<>(); subkeyRevocations = new HashMap<>(); @@ -1107,11 +1107,11 @@ public class KeyRingInfo { for (Iterator it = keyRing.getPublicKey().getUserIDs(); it.hasNext(); ) { String userId = it.next(); - PGPSignature revocation = SignaturePicker.pickCurrentUserIdRevocationSignature(keyRing, userId, policy, evaluationDate); + PGPSignature revocation = SignaturePicker.pickCurrentUserIdRevocationSignature(keyRing, userId, policy, referenceDate); if (revocation != null) { userIdRevocations.put(userId, revocation); } - PGPSignature certification = SignaturePicker.pickLatestUserIdCertificationSignature(keyRing, userId, policy, evaluationDate); + PGPSignature certification = SignaturePicker.pickLatestUserIdCertificationSignature(keyRing, userId, policy, referenceDate); if (certification != null) { userIdCertifications.put(userId, certification); } @@ -1121,11 +1121,11 @@ public class KeyRingInfo { keys.next(); // Skip primary key while (keys.hasNext()) { PGPPublicKey subkey = keys.next(); - PGPSignature subkeyRevocation = SignaturePicker.pickCurrentSubkeyBindingRevocationSignature(keyRing, subkey, policy, evaluationDate); + PGPSignature subkeyRevocation = SignaturePicker.pickCurrentSubkeyBindingRevocationSignature(keyRing, subkey, policy, referenceDate); if (subkeyRevocation != null) { subkeyRevocations.put(subkey.getKeyID(), subkeyRevocation); } - PGPSignature subkeyBinding = SignaturePicker.pickLatestSubkeyBindingSignature(keyRing, subkey, policy, evaluationDate); + PGPSignature subkeyBinding = SignaturePicker.pickLatestSubkeyBindingSignature(keyRing, subkey, policy, referenceDate); if (subkeyBinding != null) { subkeyBindings.put(subkey.getKeyID(), subkeyBinding); } diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java index 6a10e1f3..56614f4f 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java @@ -44,14 +44,15 @@ public abstract class SignatureValidator { /** * Check, whether there is the possibility that the given signature was created by the given key. - * {@link #verify(PGPSignature)} throws a {@link SignatureValidationException} if we can say with certainty that the signature - * was not created by the given key (e.g. if the sig carries another issuer, issuer fingerprint packet). + * {@link #verify(PGPSignature)} throws a {@link SignatureValidationException} if we can say with certainty that + * the signature was not created by the given key (e.g. if the sig carries another issuer, issuer fingerprint packet). * * If there is no information found in the signature about who created it (no issuer, no fingerprint), * {@link #verify(PGPSignature)} will simply return since it is plausible that the given key created the sig. * * @param signingKey signing key - * @return validator that throws a {@link SignatureValidationException} if the signature was not possibly made by the given key. + * @return validator that throws a {@link SignatureValidationException} if the signature was not possibly made by + * the given key. */ public static SignatureValidator wasPossiblyMadeByKey(PGPPublicKey signingKey) { return new SignatureValidator() { @@ -62,14 +63,17 @@ public abstract class SignatureValidator { Long issuer = SignatureSubpacketsUtil.getIssuerKeyIdAsLong(signature); if (issuer != null) { if (issuer != signingKey.getKeyID()) { - throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature issuer: " + Long.toHexString(issuer) + ")"); + throw new SignatureValidationException("Signature was not created by " + + signingKeyFingerprint + " (signature issuer: " + Long.toHexString(issuer) + ")"); } } - OpenPgpFingerprint fingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(signature); + OpenPgpFingerprint fingerprint = + SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(signature); if (fingerprint != null) { if (!fingerprint.equals(signingKeyFingerprint)) { - throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature fingerprint: " + fingerprint + ")"); + throw new SignatureValidationException("Signature was not created by " + + signingKeyFingerprint + " (signature fingerprint: " + fingerprint + ")"); } } @@ -86,10 +90,12 @@ public abstract class SignatureValidator { * @param primaryKey primary key * @param subkey subkey * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return validator */ - public static SignatureValidator hasValidPrimaryKeyBindingSignatureIfRequired(PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) { + public static SignatureValidator hasValidPrimaryKeyBindingSignatureIfRequired(PGPPublicKey primaryKey, + PGPPublicKey subkey, Policy policy, + Date referenceDate) { return new SignatureValidator() { @Override public void verify(PGPSignature signature) throws SignatureValidationException { @@ -117,7 +123,7 @@ public abstract class SignatureValidator { try { signatureStructureIsAcceptable(subkey, policy).verify(embedded); - signatureIsEffective(validationDate).verify(embedded); + signatureIsEffective(referenceDate).verify(embedded); correctPrimaryKeyBindingSignature(primaryKey, subkey).verify(embedded); hasValidPrimaryKeyBinding = true; @@ -129,7 +135,9 @@ public abstract class SignatureValidator { } if (!hasValidPrimaryKeyBinding) { - throw new SignatureValidationException("Missing primary key binding signature on signing capable subkey " + Long.toHexString(subkey.getKeyID()), rejectedEmbeddedSigs); + throw new SignatureValidationException( + "Missing primary key binding signature on signing capable subkey " + + Long.toHexString(subkey.getKeyID()), rejectedEmbeddedSigs); } } catch (PGPException e) { throw new SignatureValidationException("Cannot process list of embedded signatures.", e); @@ -165,7 +173,8 @@ public abstract class SignatureValidator { * @param signingKey signing key * @return validator */ - private static SignatureValidator signatureUsesAcceptablePublicKeyAlgorithm(Policy policy, PGPPublicKey signingKey) { + private static SignatureValidator signatureUsesAcceptablePublicKeyAlgorithm(Policy policy, + PGPPublicKey signingKey) { return new SignatureValidator() { @Override public void verify(PGPSignature signature) throws SignatureValidationException { @@ -176,7 +185,8 @@ public abstract class SignatureValidator { } if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) { throw new SignatureValidationException("Signature was made using unacceptable key. " + - algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy."); + algorithm + " (" + bitStrength + + " bits) is not acceptable according to the public key algorithm policy."); } } }; @@ -194,13 +204,16 @@ public abstract class SignatureValidator { public void verify(PGPSignature signature) throws SignatureValidationException { try { HashAlgorithm hashAlgorithm = HashAlgorithm.requireFromId(signature.getHashAlgorithm()); - Policy.HashAlgorithmPolicy hashAlgorithmPolicy = getHashAlgorithmPolicyForSignature(signature, policy); + Policy.HashAlgorithmPolicy hashAlgorithmPolicy = + getHashAlgorithmPolicyForSignature(signature, policy); if (!hashAlgorithmPolicy.isAcceptable(signature.getHashAlgorithm(), signature.getCreationTime())) { - throw new SignatureValidationException("Signature uses unacceptable hash algorithm " + hashAlgorithm + - " (Signature creation time: " + DateUtil.formatUTCDate(signature.getCreationTime()) + ")"); + throw new SignatureValidationException("Signature uses unacceptable hash algorithm " + + hashAlgorithm + " (Signature creation time: " + + DateUtil.formatUTCDate(signature.getCreationTime()) + ")"); } } catch (NoSuchElementException e) { - throw new SignatureValidationException("Signature uses unknown hash algorithm " + signature.getHashAlgorithm()); + throw new SignatureValidationException("Signature uses unknown hash algorithm " + + signature.getHashAlgorithm()); } } }; @@ -214,10 +227,12 @@ public abstract class SignatureValidator { * @param policy revocation policy for revocation sigs, normal policy for non-rev sigs * @return policy */ - private static Policy.HashAlgorithmPolicy getHashAlgorithmPolicyForSignature(PGPSignature signature, Policy policy) { + private static Policy.HashAlgorithmPolicy getHashAlgorithmPolicyForSignature(PGPSignature signature, + Policy policy) { SignatureType type = SignatureType.valueOf(signature.getSignatureType()); Policy.HashAlgorithmPolicy hashAlgorithmPolicy; - if (type == SignatureType.CERTIFICATION_REVOCATION || type == SignatureType.KEY_REVOCATION || type == SignatureType.SUBKEY_REVOCATION) { + if (type == SignatureType.CERTIFICATION_REVOCATION || type == SignatureType.KEY_REVOCATION || + type == SignatureType.SUBKEY_REVOCATION) { hashAlgorithmPolicy = policy.getRevocationSignatureHashAlgorithmPolicy(); } else { hashAlgorithmPolicy = policy.getSignatureHashAlgorithmPolicy(); @@ -241,7 +256,8 @@ public abstract class SignatureValidator { continue; } if (!registry.isKnownNotation(notation.getNotationName())) { - throw new SignatureValidationException("Signature contains unknown critical notation '" + notation.getNotationName() + "' in its hashed area."); + throw new SignatureValidationException("Signature contains unknown critical notation '" + + notation.getNotationName() + "' in its hashed area."); } } } @@ -262,7 +278,9 @@ public abstract class SignatureValidator { try { SignatureSubpacket.requireFromCode(criticalTag); } catch (NoSuchElementException e) { - throw new SignatureValidationException("Signature contains unknown critical subpacket of type " + Long.toHexString(criticalTag)); + throw new SignatureValidationException( + "Signature contains unknown critical subpacket of type " + + Long.toHexString(criticalTag)); } } } @@ -281,15 +299,15 @@ public abstract class SignatureValidator { /** * Verify that a signature is effective at the given reference date. * - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return validator */ - public static SignatureValidator signatureIsEffective(Date validationDate) { + public static SignatureValidator signatureIsEffective(Date referenceDate) { return new SignatureValidator() { @Override public void verify(PGPSignature signature) throws SignatureValidationException { - signatureIsAlreadyEffective(validationDate).verify(signature); - signatureIsNotYetExpired(validationDate).verify(signature); + signatureIsAlreadyEffective(referenceDate).verify(signature); + signatureIsNotYetExpired(referenceDate).verify(signature); } }; } @@ -297,10 +315,10 @@ public abstract class SignatureValidator { /** * Verify that a signature was created prior to the given reference date. * - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return validator */ - public static SignatureValidator signatureIsAlreadyEffective(Date validationDate) { + public static SignatureValidator signatureIsAlreadyEffective(Date referenceDate) { return new SignatureValidator() { @Override public void verify(PGPSignature signature) throws SignatureValidationException { @@ -310,8 +328,9 @@ public abstract class SignatureValidator { return; } - if (signatureCreationTime.after(validationDate)) { - throw new SignatureValidationException("Signature was created at " + signatureCreationTime + " and is therefore not yet valid at " + validationDate); + if (signatureCreationTime.after(referenceDate)) { + throw new SignatureValidationException("Signature was created at " + signatureCreationTime + + " and is therefore not yet valid at " + referenceDate); } } }; @@ -320,10 +339,10 @@ public abstract class SignatureValidator { /** * Verify that a signature is not yet expired. * - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return validator */ - public static SignatureValidator signatureIsNotYetExpired(Date validationDate) { + public static SignatureValidator signatureIsNotYetExpired(Date referenceDate) { return new SignatureValidator() { @Override public void verify(PGPSignature signature) throws SignatureValidationException { @@ -333,8 +352,9 @@ public abstract class SignatureValidator { } Date signatureExpirationTime = SignatureSubpacketsUtil.getSignatureExpirationTimeAsDate(signature); - if (signatureExpirationTime != null && signatureExpirationTime.before(validationDate)) { - throw new SignatureValidationException("Signature is already expired (expiration: " + signatureExpirationTime + ", validation: " + validationDate + ")"); + if (signatureExpirationTime != null && signatureExpirationTime.before(referenceDate)) { + throw new SignatureValidationException("Signature is already expired (expiration: " + + signatureExpirationTime + ", validation: " + referenceDate + ")"); } } }; @@ -375,7 +395,8 @@ public abstract class SignatureValidator { public void verify(PGPSignature signature) throws SignatureValidationException { SignatureCreationTime creationTime = SignatureSubpacketsUtil.getSignatureCreationTime(signature); if (creationTime == null) { - throw new SignatureValidationException("Malformed signature. Signature has no signature creation time subpacket in its hashed area."); + throw new SignatureValidationException( + "Malformed signature. Signature has no signature creation time subpacket in its hashed area."); } } }; @@ -405,7 +426,8 @@ public abstract class SignatureValidator { Date signatureCreationTime = signature.getCreationTime(); if (keyCreationTime.after(signatureCreationTime)) { - throw new SignatureValidationException("Signature predates key (key creation: " + keyCreationTime + ", signature creation: " + signatureCreationTime + ")"); + throw new SignatureValidationException("Signature predates key (key creation: " + + keyCreationTime + ", signature creation: " + signatureCreationTime + ")"); } } }; @@ -425,7 +447,8 @@ public abstract class SignatureValidator { return; } boolean predatesBindingSig = true; - Iterator bindingSignatures = signingKey.getSignaturesOfType(SignatureType.SUBKEY_BINDING.getCode()); + Iterator bindingSignatures = + signingKey.getSignaturesOfType(SignatureType.SUBKEY_BINDING.getCode()); if (!bindingSignatures.hasNext()) { throw new SignatureValidationException("Signing subkey does not have a subkey binding signature."); } @@ -436,7 +459,8 @@ public abstract class SignatureValidator { } } if (predatesBindingSig) { - throw new SignatureValidationException("Signature was created before the signing key was bound to the key ring."); + throw new SignatureValidationException( + "Signature was created before the signing key was bound to the key ring."); } } }; @@ -457,7 +481,8 @@ public abstract class SignatureValidator { throw new SignatureValidationException("Primary key cannot be its own subkey."); } try { - signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), primaryKey); + signature.init(ImplementationFactory.getInstance() + .getPGPContentVerifierBuilderProvider(), primaryKey); boolean valid = signature.verifyCertification(primaryKey, subkey); if (!valid) { throw new SignatureValidationException("Signature is not correct."); @@ -487,7 +512,8 @@ public abstract class SignatureValidator { throw new SignatureValidationException("Primary Key Binding Signature is not correct."); } } catch (PGPException | ClassCastException e) { - throw new SignatureValidationException("Cannot verify primary key binding signature correctness", e); + throw new SignatureValidationException( + "Cannot verify primary key binding signature correctness", e); } } }; @@ -554,7 +580,8 @@ public abstract class SignatureValidator { } } if (!valid) { - throw new SignatureValidationException("Signature is of type " + type + " while only " + Arrays.toString(signatureTypes) + " are allowed here."); + throw new SignatureValidationException("Signature is of type " + type + " while only " + + Arrays.toString(signatureTypes) + " are allowed here."); } } }; @@ -568,18 +595,22 @@ public abstract class SignatureValidator { * @param certifyingKey key that created the signature. * @return validator */ - public static SignatureValidator correctSignatureOverUserId(String userId, PGPPublicKey certifiedKey, PGPPublicKey certifyingKey) { + public static SignatureValidator correctSignatureOverUserId(String userId, PGPPublicKey certifiedKey, + PGPPublicKey certifyingKey) { return new SignatureValidator() { @Override public void verify(PGPSignature signature) throws SignatureValidationException { try { - signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), certifyingKey); + signature.init(ImplementationFactory.getInstance() + .getPGPContentVerifierBuilderProvider(), certifyingKey); boolean valid = signature.verifyCertification(userId, certifiedKey); if (!valid) { - throw new SignatureValidationException("Signature over user-id '" + userId + "' is not correct."); + throw new SignatureValidationException("Signature over user-id '" + userId + + "' is not correct."); } } catch (PGPException | ClassCastException e) { - throw new SignatureValidationException("Cannot verify signature over user-id '" + userId + "'.", e); + throw new SignatureValidationException("Cannot verify signature over user-id '" + + userId + "'.", e); } } }; @@ -593,12 +624,15 @@ public abstract class SignatureValidator { * @param certifyingKey key that created the certification signature * @return validator */ - public static SignatureValidator correctSignatureOverUserAttributes(PGPUserAttributeSubpacketVector userAttributes, PGPPublicKey certifiedKey, PGPPublicKey certifyingKey) { + public static SignatureValidator correctSignatureOverUserAttributes(PGPUserAttributeSubpacketVector userAttributes, + PGPPublicKey certifiedKey, + PGPPublicKey certifyingKey) { return new SignatureValidator() { @Override public void verify(PGPSignature signature) throws SignatureValidationException { try { - signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), certifyingKey); + signature.init(ImplementationFactory.getInstance() + .getPGPContentVerifierBuilderProvider(), certifyingKey); boolean valid = signature.verifyCertification(userAttributes, certifiedKey); if (!valid) { throw new SignatureValidationException("Signature over user-attribute vector is not correct."); @@ -616,12 +650,16 @@ public abstract class SignatureValidator { public void verify(PGPSignature signature) throws SignatureValidationException { Date timestamp = signature.getCreationTime(); if (notBefore != null && timestamp.before(notBefore)) { - throw new SignatureValidationException("Signature was made before the earliest allowed signature creation time. Created: " + - DateUtil.formatUTCDate(timestamp) + " Earliest allowed: " + DateUtil.formatUTCDate(notBefore)); + throw new SignatureValidationException( + "Signature was made before the earliest allowed signature creation time. Created: " + + DateUtil.formatUTCDate(timestamp) + " Earliest allowed: " + + DateUtil.formatUTCDate(notBefore)); } if (notAfter != null && timestamp.after(notAfter)) { - throw new SignatureValidationException("Signature was made after the latest allowed signature creation time. Created: " + - DateUtil.formatUTCDate(timestamp) + " Latest allowed: " + DateUtil.formatUTCDate(notAfter)); + throw new SignatureValidationException( + "Signature was made after the latest allowed signature creation time. Created: " + + DateUtil.formatUTCDate(timestamp) + " Latest allowed: " + + DateUtil.formatUTCDate(notAfter)); } } }; diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java index d4a61271..c4565197 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java @@ -36,12 +36,13 @@ public final class SignatureVerifier { * @param signingKey key that created the certification * @param keyWithUserId key carrying the user-id * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if signature verification is successful * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate) + public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey signingKey, + PGPPublicKey keyWithUserId, Policy policy, Date referenceDate) throws SignatureValidationException { SignatureType type = SignatureType.valueOf(signature.getSignatureType()); switch (type) { @@ -49,9 +50,9 @@ public final class SignatureVerifier { case NO_CERTIFICATION: case CASUAL_CERTIFICATION: case POSITIVE_CERTIFICATION: - return verifyUserIdCertification(userId, signature, signingKey, keyWithUserId, policy, validationDate); + return verifyUserIdCertification(userId, signature, signingKey, keyWithUserId, policy, referenceDate); case CERTIFICATION_REVOCATION: - return verifyUserIdRevocation(userId, signature, signingKey, keyWithUserId, policy, validationDate); + return verifyUserIdRevocation(userId, signature, signingKey, keyWithUserId, policy, referenceDate); default: throw new SignatureValidationException("Signature is not a valid user-id certification/revocation signature: " + type); } @@ -64,14 +65,15 @@ public final class SignatureVerifier { * @param signature certification signature * @param primaryKey primary key * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the self-signature is verified successfully * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey primaryKey, + Policy policy, Date referenceDate) throws SignatureValidationException { - return verifyUserIdCertification(userId, signature, primaryKey, primaryKey, policy, validationDate); + return verifyUserIdCertification(userId, signature, primaryKey, primaryKey, policy, referenceDate); } /** @@ -82,17 +84,18 @@ public final class SignatureVerifier { * @param signingKey key that created the certification * @param keyWithUserId primary key that carries the user-id * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if signature verification is successful * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate) + public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey signingKey, + PGPPublicKey keyWithUserId, Policy policy, Date referenceDate) throws SignatureValidationException { SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature); SignatureValidator.signatureIsCertification().verify(signature); SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); - SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.signatureIsEffective(referenceDate).verify(signature); SignatureValidator.correctSignatureOverUserId(userId, keyWithUserId, signingKey).verify(signature); return true; @@ -105,14 +108,15 @@ public final class SignatureVerifier { * @param signature user-id revocation signature * @param primaryKey primary key * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the user-id revocation signature is successfully verified * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey primaryKey, + Policy policy, Date referenceDate) throws SignatureValidationException { - return verifyUserIdRevocation(userId, signature, primaryKey, primaryKey, policy, validationDate); + return verifyUserIdRevocation(userId, signature, primaryKey, primaryKey, policy, referenceDate); } /** @@ -123,17 +127,18 @@ public final class SignatureVerifier { * @param signingKey key that created the revocation signature * @param keyWithUserId primary key carrying the user-id * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the user-id revocation signature is successfully verified * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate) + public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey signingKey, + PGPPublicKey keyWithUserId, Policy policy, Date referenceDate) throws SignatureValidationException { SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature); SignatureValidator.signatureIsOfType(SignatureType.CERTIFICATION_REVOCATION).verify(signature); SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); - SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.signatureIsEffective(referenceDate).verify(signature); SignatureValidator.correctSignatureOverUserId(userId, keyWithUserId, signingKey).verify(signature); return true; @@ -146,16 +151,17 @@ public final class SignatureVerifier { * @param signature certification self-signature * @param primaryKey primary key that carries the user-attributes * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the signature can be verified successfully * * @throws SignatureValidationException if signature verification fails for some reason */ public static boolean verifyUserAttributesCertification(PGPUserAttributeSubpacketVector userAttributes, PGPSignature signature, PGPPublicKey primaryKey, - Policy policy, Date validationDate) + Policy policy, Date referenceDate) throws SignatureValidationException { - return verifyUserAttributesCertification(userAttributes, signature, primaryKey, primaryKey, policy, validationDate); + return verifyUserAttributesCertification(userAttributes, signature, primaryKey, primaryKey, policy, + referenceDate); } /** @@ -166,7 +172,7 @@ public final class SignatureVerifier { * @param signingKey key that created the user-attributes certification * @param keyWithUserAttributes key that carries the user-attributes certification * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the signature can be verified successfully * * @throws SignatureValidationException if signature verification fails for some reason @@ -174,13 +180,14 @@ public final class SignatureVerifier { public static boolean verifyUserAttributesCertification(PGPUserAttributeSubpacketVector userAttributes, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserAttributes, Policy policy, - Date validationDate) + Date referenceDate) throws SignatureValidationException { SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature); SignatureValidator.signatureIsCertification().verify(signature); SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); - SignatureValidator.signatureIsEffective(validationDate).verify(signature); - SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey).verify(signature); + SignatureValidator.signatureIsEffective(referenceDate).verify(signature); + SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey) + .verify(signature); return true; } @@ -192,16 +199,16 @@ public final class SignatureVerifier { * @param signature user-attributes revocation signature * @param primaryKey primary key that carries the user-attributes * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the revocation signature can be verified successfully * * @throws SignatureValidationException if signature verification fails for some reason */ public static boolean verifyUserAttributesRevocation(PGPUserAttributeSubpacketVector userAttributes, PGPSignature signature, PGPPublicKey primaryKey, - Policy policy, Date validationDate) + Policy policy, Date referenceDate) throws SignatureValidationException { - return verifyUserAttributesRevocation(userAttributes, signature, primaryKey, primaryKey, policy, validationDate); + return verifyUserAttributesRevocation(userAttributes, signature, primaryKey, primaryKey, policy, referenceDate); } /** @@ -212,7 +219,7 @@ public final class SignatureVerifier { * @param signingKey revocation key * @param keyWithUserAttributes key that carries the user-attributes * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the revocation signature can be verified successfully * * @throws SignatureValidationException if signature verification fails for some reason @@ -220,13 +227,14 @@ public final class SignatureVerifier { public static boolean verifyUserAttributesRevocation(PGPUserAttributeSubpacketVector userAttributes, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserAttributes, Policy policy, - Date validationDate) + Date referenceDate) throws SignatureValidationException { SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature); SignatureValidator.signatureIsOfType(SignatureType.CERTIFICATION_REVOCATION).verify(signature); SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); - SignatureValidator.signatureIsEffective(validationDate).verify(signature); - SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey).verify(signature); + SignatureValidator.signatureIsEffective(referenceDate).verify(signature); + SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey) + .verify(signature); return true; } @@ -238,18 +246,20 @@ public final class SignatureVerifier { * @param primaryKey primary key * @param subkey subkey * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the binding signature can be verified successfully * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifySubkeyBindingSignature(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) + public static boolean verifySubkeyBindingSignature(PGPSignature signature, PGPPublicKey primaryKey, + PGPPublicKey subkey, Policy policy, Date referenceDate) throws SignatureValidationException { SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_BINDING).verify(signature); SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature); - SignatureValidator.signatureIsEffective(validationDate).verify(signature); - SignatureValidator.hasValidPrimaryKeyBindingSignatureIfRequired(primaryKey, subkey, policy, validationDate).verify(signature); + SignatureValidator.signatureIsEffective(referenceDate).verify(signature); + SignatureValidator.hasValidPrimaryKeyBindingSignatureIfRequired(primaryKey, subkey, policy, referenceDate) + .verify(signature); SignatureValidator.correctSubkeyBindingSignature(primaryKey, subkey).verify(signature); return true; @@ -262,16 +272,18 @@ public final class SignatureVerifier { * @param primaryKey primary key * @param subkey subkey * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the subkey revocation signature can be verified successfully * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifySubkeyBindingRevocation(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) throws SignatureValidationException { + public static boolean verifySubkeyBindingRevocation(PGPSignature signature, PGPPublicKey primaryKey, + PGPPublicKey subkey, Policy policy, Date referenceDate) + throws SignatureValidationException { SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_REVOCATION).verify(signature); SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature); - SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.signatureIsEffective(referenceDate).verify(signature); SignatureValidator.correctSignatureOverKey(primaryKey, subkey).verify(signature); return true; @@ -283,14 +295,15 @@ public final class SignatureVerifier { * @param signature signature * @param primaryKey primary key * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the signature can be verified successfully * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey primaryKey, + Policy policy, Date referenceDate) throws SignatureValidationException { - return verifyDirectKeySignature(signature, primaryKey, primaryKey, policy, validationDate); + return verifyDirectKeySignature(signature, primaryKey, primaryKey, policy, referenceDate); } /** @@ -300,17 +313,18 @@ public final class SignatureVerifier { * @param signingKey signing key * @param signedKey signed key * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if signature verification is successful * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey signedKey, Policy policy, Date validationDate) + public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey signingKey, + PGPPublicKey signedKey, Policy policy, Date referenceDate) throws SignatureValidationException { SignatureValidator.signatureIsOfType(SignatureType.DIRECT_KEY).verify(signature); SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); SignatureValidator.signatureDoesNotPredateSignee(signedKey).verify(signature); - SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.signatureIsEffective(referenceDate).verify(signature); SignatureValidator.correctSignatureOverKey(signingKey, signedKey).verify(signature); return true; @@ -322,16 +336,17 @@ public final class SignatureVerifier { * @param signature signature * @param primaryKey primary key * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if signature verification is successful * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifyKeyRevocationSignature(PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + public static boolean verifyKeyRevocationSignature(PGPSignature signature, PGPPublicKey primaryKey, + Policy policy, Date referenceDate) throws SignatureValidationException { SignatureValidator.signatureIsOfType(SignatureType.KEY_REVOCATION).verify(signature); SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); - SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.signatureIsEffective(referenceDate).verify(signature); SignatureValidator.correctSignatureOverKey(primaryKey, primaryKey).verify(signature); return true; @@ -344,14 +359,16 @@ public final class SignatureVerifier { * @param signedData input stream containing the signed data * @param signingKey the key that created the signature * @param policy policy - * @param validationDate reference date of signature verification + * @param referenceDate reference date of signature verification * @return true if the signature is successfully verified * * @throws SignatureValidationException if the signature verification fails for some reason */ - public static boolean verifyUninitializedSignature(PGPSignature signature, InputStream signedData, PGPPublicKey signingKey, Policy policy, Date validationDate) throws SignatureValidationException { + public static boolean verifyUninitializedSignature(PGPSignature signature, InputStream signedData, + PGPPublicKey signingKey, Policy policy, Date referenceDate) + throws SignatureValidationException { initializeSignatureAndUpdateWithSignedData(signature, signedData, signingKey); - return verifyInitializedSignature(signature, signingKey, policy, validationDate); + return verifyInitializedSignature(signature, signingKey, policy, referenceDate); } /** @@ -363,7 +380,8 @@ public final class SignatureVerifier { * * @throws SignatureValidationException in case the signature cannot be verified for some reason */ - public static void initializeSignatureAndUpdateWithSignedData(PGPSignature signature, InputStream signedData, PGPPublicKey signingKey) + public static void initializeSignatureAndUpdateWithSignedData(PGPSignature signature, InputStream signedData, + PGPPublicKey signingKey) throws SignatureValidationException { try { signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey); @@ -399,16 +417,17 @@ public final class SignatureVerifier { * @param signature OpenPGP signature * @param signingKey key that created the signature * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if signature is verified successfully * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifyInitializedSignature(PGPSignature signature, PGPPublicKey signingKey, Policy policy, Date validationDate) + public static boolean verifyInitializedSignature(PGPSignature signature, PGPPublicKey signingKey, Policy policy, + Date referenceDate) throws SignatureValidationException { SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature); SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); - SignatureValidator.signatureIsEffective(validationDate).verify(signature); + SignatureValidator.signatureIsEffective(referenceDate).verify(signature); try { if (!signature.verify()) { @@ -420,7 +439,8 @@ public final class SignatureVerifier { } } - public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, OnePassSignatureCheck onePassSignature, Policy policy) + public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, + OnePassSignatureCheck onePassSignature, Policy policy) throws SignatureValidationException { try { SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature); @@ -435,10 +455,12 @@ public final class SignatureVerifier { throw new IllegalStateException("No comparison signature provided."); } if (!onePassSignature.getOnePassSignature().verify(signature)) { - throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID())); + throw new SignatureValidationException("Bad signature of key " + + Long.toHexString(signingKey.getKeyID())); } } catch (PGPException e) { - throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e); + throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + + e.getMessage(), e); } return true; @@ -451,13 +473,14 @@ public final class SignatureVerifier { * @param signature self-signature * @param primaryKey primary key that created the signature * @param policy policy - * @param validationDate reference date for signature verification + * @param referenceDate reference date for signature verification * @return true if the signature is successfully verified * * @throws SignatureValidationException if signature verification fails for some reason */ - public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate) + public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey primaryKey, + Policy policy, Date referenceDate) throws SignatureValidationException { - return verifySignatureOverUserId(userId, signature, primaryKey, primaryKey, policy, validationDate); + return verifySignatureOverUserId(userId, signature, primaryKey, primaryKey, policy, referenceDate); } }