mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-26 06:12:06 +01:00
s/{validation|evaluation}Date/referenceTime/g
This commit is contained in:
parent
0c0f82ce2e
commit
7e0b1b344c
3 changed files with 179 additions and 118 deletions
|
@ -56,7 +56,7 @@ public class KeyRingInfo {
|
|||
|
||||
private final PGPKeyRing keys;
|
||||
private final Signatures signatures;
|
||||
private final Date evaluationDate;
|
||||
private final Date referenceDate;
|
||||
private final String primaryUserId;
|
||||
|
||||
/**
|
||||
|
@ -99,7 +99,7 @@ public class KeyRingInfo {
|
|||
public KeyRingInfo(PGPKeyRing keys, Policy policy, Date validationDate) {
|
||||
this.keys = keys;
|
||||
this.signatures = new Signatures(keys, validationDate, policy);
|
||||
this.evaluationDate = validationDate;
|
||||
this.referenceDate = validationDate;
|
||||
this.primaryUserId = findPrimaryUserId();
|
||||
}
|
||||
|
||||
|
@ -413,7 +413,7 @@ public class KeyRingInfo {
|
|||
}
|
||||
if (certification.getHashedSubPackets().isPrimaryUserID()) {
|
||||
Date keyExpiration = SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(certification, keys.getPublicKey());
|
||||
if (keyExpiration != null && evaluationDate.after(keyExpiration)) {
|
||||
if (keyExpiration != null && referenceDate.after(keyExpiration)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -1097,9 +1097,9 @@ public class KeyRingInfo {
|
|||
private final Map<Long, PGPSignature> subkeyRevocations;
|
||||
private final Map<Long, PGPSignature> subkeyBindings;
|
||||
|
||||
public Signatures(PGPKeyRing keyRing, Date evaluationDate, Policy policy) {
|
||||
primaryKeyRevocation = SignaturePicker.pickCurrentRevocationSelfSignature(keyRing, policy, evaluationDate);
|
||||
primaryKeySelfSignature = SignaturePicker.pickLatestDirectKeySignature(keyRing, policy, evaluationDate);
|
||||
public Signatures(PGPKeyRing keyRing, Date referenceDate, Policy policy) {
|
||||
primaryKeyRevocation = SignaturePicker.pickCurrentRevocationSelfSignature(keyRing, policy, referenceDate);
|
||||
primaryKeySelfSignature = SignaturePicker.pickLatestDirectKeySignature(keyRing, policy, referenceDate);
|
||||
userIdRevocations = new HashMap<>();
|
||||
userIdCertifications = new HashMap<>();
|
||||
subkeyRevocations = new HashMap<>();
|
||||
|
@ -1107,11 +1107,11 @@ public class KeyRingInfo {
|
|||
|
||||
for (Iterator<String> it = keyRing.getPublicKey().getUserIDs(); it.hasNext(); ) {
|
||||
String userId = it.next();
|
||||
PGPSignature revocation = SignaturePicker.pickCurrentUserIdRevocationSignature(keyRing, userId, policy, evaluationDate);
|
||||
PGPSignature revocation = SignaturePicker.pickCurrentUserIdRevocationSignature(keyRing, userId, policy, referenceDate);
|
||||
if (revocation != null) {
|
||||
userIdRevocations.put(userId, revocation);
|
||||
}
|
||||
PGPSignature certification = SignaturePicker.pickLatestUserIdCertificationSignature(keyRing, userId, policy, evaluationDate);
|
||||
PGPSignature certification = SignaturePicker.pickLatestUserIdCertificationSignature(keyRing, userId, policy, referenceDate);
|
||||
if (certification != null) {
|
||||
userIdCertifications.put(userId, certification);
|
||||
}
|
||||
|
@ -1121,11 +1121,11 @@ public class KeyRingInfo {
|
|||
keys.next(); // Skip primary key
|
||||
while (keys.hasNext()) {
|
||||
PGPPublicKey subkey = keys.next();
|
||||
PGPSignature subkeyRevocation = SignaturePicker.pickCurrentSubkeyBindingRevocationSignature(keyRing, subkey, policy, evaluationDate);
|
||||
PGPSignature subkeyRevocation = SignaturePicker.pickCurrentSubkeyBindingRevocationSignature(keyRing, subkey, policy, referenceDate);
|
||||
if (subkeyRevocation != null) {
|
||||
subkeyRevocations.put(subkey.getKeyID(), subkeyRevocation);
|
||||
}
|
||||
PGPSignature subkeyBinding = SignaturePicker.pickLatestSubkeyBindingSignature(keyRing, subkey, policy, evaluationDate);
|
||||
PGPSignature subkeyBinding = SignaturePicker.pickLatestSubkeyBindingSignature(keyRing, subkey, policy, referenceDate);
|
||||
if (subkeyBinding != null) {
|
||||
subkeyBindings.put(subkey.getKeyID(), subkeyBinding);
|
||||
}
|
||||
|
|
|
@ -44,14 +44,15 @@ public abstract class SignatureValidator {
|
|||
|
||||
/**
|
||||
* Check, whether there is the possibility that the given signature was created by the given key.
|
||||
* {@link #verify(PGPSignature)} throws a {@link SignatureValidationException} if we can say with certainty that the signature
|
||||
* was not created by the given key (e.g. if the sig carries another issuer, issuer fingerprint packet).
|
||||
* {@link #verify(PGPSignature)} throws a {@link SignatureValidationException} if we can say with certainty that
|
||||
* the signature was not created by the given key (e.g. if the sig carries another issuer, issuer fingerprint packet).
|
||||
*
|
||||
* If there is no information found in the signature about who created it (no issuer, no fingerprint),
|
||||
* {@link #verify(PGPSignature)} will simply return since it is plausible that the given key created the sig.
|
||||
*
|
||||
* @param signingKey signing key
|
||||
* @return validator that throws a {@link SignatureValidationException} if the signature was not possibly made by the given key.
|
||||
* @return validator that throws a {@link SignatureValidationException} if the signature was not possibly made by
|
||||
* the given key.
|
||||
*/
|
||||
public static SignatureValidator wasPossiblyMadeByKey(PGPPublicKey signingKey) {
|
||||
return new SignatureValidator() {
|
||||
|
@ -62,14 +63,17 @@ public abstract class SignatureValidator {
|
|||
Long issuer = SignatureSubpacketsUtil.getIssuerKeyIdAsLong(signature);
|
||||
if (issuer != null) {
|
||||
if (issuer != signingKey.getKeyID()) {
|
||||
throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature issuer: " + Long.toHexString(issuer) + ")");
|
||||
throw new SignatureValidationException("Signature was not created by " +
|
||||
signingKeyFingerprint + " (signature issuer: " + Long.toHexString(issuer) + ")");
|
||||
}
|
||||
}
|
||||
|
||||
OpenPgpFingerprint fingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(signature);
|
||||
OpenPgpFingerprint fingerprint =
|
||||
SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(signature);
|
||||
if (fingerprint != null) {
|
||||
if (!fingerprint.equals(signingKeyFingerprint)) {
|
||||
throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature fingerprint: " + fingerprint + ")");
|
||||
throw new SignatureValidationException("Signature was not created by " +
|
||||
signingKeyFingerprint + " (signature fingerprint: " + fingerprint + ")");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -86,10 +90,12 @@ public abstract class SignatureValidator {
|
|||
* @param primaryKey primary key
|
||||
* @param subkey subkey
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return validator
|
||||
*/
|
||||
public static SignatureValidator hasValidPrimaryKeyBindingSignatureIfRequired(PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) {
|
||||
public static SignatureValidator hasValidPrimaryKeyBindingSignatureIfRequired(PGPPublicKey primaryKey,
|
||||
PGPPublicKey subkey, Policy policy,
|
||||
Date referenceDate) {
|
||||
return new SignatureValidator() {
|
||||
@Override
|
||||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
|
@ -117,7 +123,7 @@ public abstract class SignatureValidator {
|
|||
|
||||
try {
|
||||
signatureStructureIsAcceptable(subkey, policy).verify(embedded);
|
||||
signatureIsEffective(validationDate).verify(embedded);
|
||||
signatureIsEffective(referenceDate).verify(embedded);
|
||||
correctPrimaryKeyBindingSignature(primaryKey, subkey).verify(embedded);
|
||||
|
||||
hasValidPrimaryKeyBinding = true;
|
||||
|
@ -129,7 +135,9 @@ public abstract class SignatureValidator {
|
|||
}
|
||||
|
||||
if (!hasValidPrimaryKeyBinding) {
|
||||
throw new SignatureValidationException("Missing primary key binding signature on signing capable subkey " + Long.toHexString(subkey.getKeyID()), rejectedEmbeddedSigs);
|
||||
throw new SignatureValidationException(
|
||||
"Missing primary key binding signature on signing capable subkey " +
|
||||
Long.toHexString(subkey.getKeyID()), rejectedEmbeddedSigs);
|
||||
}
|
||||
} catch (PGPException e) {
|
||||
throw new SignatureValidationException("Cannot process list of embedded signatures.", e);
|
||||
|
@ -165,7 +173,8 @@ public abstract class SignatureValidator {
|
|||
* @param signingKey signing key
|
||||
* @return validator
|
||||
*/
|
||||
private static SignatureValidator signatureUsesAcceptablePublicKeyAlgorithm(Policy policy, PGPPublicKey signingKey) {
|
||||
private static SignatureValidator signatureUsesAcceptablePublicKeyAlgorithm(Policy policy,
|
||||
PGPPublicKey signingKey) {
|
||||
return new SignatureValidator() {
|
||||
@Override
|
||||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
|
@ -176,7 +185,8 @@ public abstract class SignatureValidator {
|
|||
}
|
||||
if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) {
|
||||
throw new SignatureValidationException("Signature was made using unacceptable key. " +
|
||||
algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy.");
|
||||
algorithm + " (" + bitStrength +
|
||||
" bits) is not acceptable according to the public key algorithm policy.");
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -194,13 +204,16 @@ public abstract class SignatureValidator {
|
|||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
try {
|
||||
HashAlgorithm hashAlgorithm = HashAlgorithm.requireFromId(signature.getHashAlgorithm());
|
||||
Policy.HashAlgorithmPolicy hashAlgorithmPolicy = getHashAlgorithmPolicyForSignature(signature, policy);
|
||||
Policy.HashAlgorithmPolicy hashAlgorithmPolicy =
|
||||
getHashAlgorithmPolicyForSignature(signature, policy);
|
||||
if (!hashAlgorithmPolicy.isAcceptable(signature.getHashAlgorithm(), signature.getCreationTime())) {
|
||||
throw new SignatureValidationException("Signature uses unacceptable hash algorithm " + hashAlgorithm +
|
||||
" (Signature creation time: " + DateUtil.formatUTCDate(signature.getCreationTime()) + ")");
|
||||
throw new SignatureValidationException("Signature uses unacceptable hash algorithm " +
|
||||
hashAlgorithm + " (Signature creation time: " +
|
||||
DateUtil.formatUTCDate(signature.getCreationTime()) + ")");
|
||||
}
|
||||
} catch (NoSuchElementException e) {
|
||||
throw new SignatureValidationException("Signature uses unknown hash algorithm " + signature.getHashAlgorithm());
|
||||
throw new SignatureValidationException("Signature uses unknown hash algorithm " +
|
||||
signature.getHashAlgorithm());
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -214,10 +227,12 @@ public abstract class SignatureValidator {
|
|||
* @param policy revocation policy for revocation sigs, normal policy for non-rev sigs
|
||||
* @return policy
|
||||
*/
|
||||
private static Policy.HashAlgorithmPolicy getHashAlgorithmPolicyForSignature(PGPSignature signature, Policy policy) {
|
||||
private static Policy.HashAlgorithmPolicy getHashAlgorithmPolicyForSignature(PGPSignature signature,
|
||||
Policy policy) {
|
||||
SignatureType type = SignatureType.valueOf(signature.getSignatureType());
|
||||
Policy.HashAlgorithmPolicy hashAlgorithmPolicy;
|
||||
if (type == SignatureType.CERTIFICATION_REVOCATION || type == SignatureType.KEY_REVOCATION || type == SignatureType.SUBKEY_REVOCATION) {
|
||||
if (type == SignatureType.CERTIFICATION_REVOCATION || type == SignatureType.KEY_REVOCATION ||
|
||||
type == SignatureType.SUBKEY_REVOCATION) {
|
||||
hashAlgorithmPolicy = policy.getRevocationSignatureHashAlgorithmPolicy();
|
||||
} else {
|
||||
hashAlgorithmPolicy = policy.getSignatureHashAlgorithmPolicy();
|
||||
|
@ -241,7 +256,8 @@ public abstract class SignatureValidator {
|
|||
continue;
|
||||
}
|
||||
if (!registry.isKnownNotation(notation.getNotationName())) {
|
||||
throw new SignatureValidationException("Signature contains unknown critical notation '" + notation.getNotationName() + "' in its hashed area.");
|
||||
throw new SignatureValidationException("Signature contains unknown critical notation '" +
|
||||
notation.getNotationName() + "' in its hashed area.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -262,7 +278,9 @@ public abstract class SignatureValidator {
|
|||
try {
|
||||
SignatureSubpacket.requireFromCode(criticalTag);
|
||||
} catch (NoSuchElementException e) {
|
||||
throw new SignatureValidationException("Signature contains unknown critical subpacket of type " + Long.toHexString(criticalTag));
|
||||
throw new SignatureValidationException(
|
||||
"Signature contains unknown critical subpacket of type " +
|
||||
Long.toHexString(criticalTag));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -281,15 +299,15 @@ public abstract class SignatureValidator {
|
|||
/**
|
||||
* Verify that a signature is effective at the given reference date.
|
||||
*
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return validator
|
||||
*/
|
||||
public static SignatureValidator signatureIsEffective(Date validationDate) {
|
||||
public static SignatureValidator signatureIsEffective(Date referenceDate) {
|
||||
return new SignatureValidator() {
|
||||
@Override
|
||||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
signatureIsAlreadyEffective(validationDate).verify(signature);
|
||||
signatureIsNotYetExpired(validationDate).verify(signature);
|
||||
signatureIsAlreadyEffective(referenceDate).verify(signature);
|
||||
signatureIsNotYetExpired(referenceDate).verify(signature);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
@ -297,10 +315,10 @@ public abstract class SignatureValidator {
|
|||
/**
|
||||
* Verify that a signature was created prior to the given reference date.
|
||||
*
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return validator
|
||||
*/
|
||||
public static SignatureValidator signatureIsAlreadyEffective(Date validationDate) {
|
||||
public static SignatureValidator signatureIsAlreadyEffective(Date referenceDate) {
|
||||
return new SignatureValidator() {
|
||||
@Override
|
||||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
|
@ -310,8 +328,9 @@ public abstract class SignatureValidator {
|
|||
return;
|
||||
}
|
||||
|
||||
if (signatureCreationTime.after(validationDate)) {
|
||||
throw new SignatureValidationException("Signature was created at " + signatureCreationTime + " and is therefore not yet valid at " + validationDate);
|
||||
if (signatureCreationTime.after(referenceDate)) {
|
||||
throw new SignatureValidationException("Signature was created at " + signatureCreationTime +
|
||||
" and is therefore not yet valid at " + referenceDate);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -320,10 +339,10 @@ public abstract class SignatureValidator {
|
|||
/**
|
||||
* Verify that a signature is not yet expired.
|
||||
*
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return validator
|
||||
*/
|
||||
public static SignatureValidator signatureIsNotYetExpired(Date validationDate) {
|
||||
public static SignatureValidator signatureIsNotYetExpired(Date referenceDate) {
|
||||
return new SignatureValidator() {
|
||||
@Override
|
||||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
|
@ -333,8 +352,9 @@ public abstract class SignatureValidator {
|
|||
}
|
||||
|
||||
Date signatureExpirationTime = SignatureSubpacketsUtil.getSignatureExpirationTimeAsDate(signature);
|
||||
if (signatureExpirationTime != null && signatureExpirationTime.before(validationDate)) {
|
||||
throw new SignatureValidationException("Signature is already expired (expiration: " + signatureExpirationTime + ", validation: " + validationDate + ")");
|
||||
if (signatureExpirationTime != null && signatureExpirationTime.before(referenceDate)) {
|
||||
throw new SignatureValidationException("Signature is already expired (expiration: " +
|
||||
signatureExpirationTime + ", validation: " + referenceDate + ")");
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -375,7 +395,8 @@ public abstract class SignatureValidator {
|
|||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
SignatureCreationTime creationTime = SignatureSubpacketsUtil.getSignatureCreationTime(signature);
|
||||
if (creationTime == null) {
|
||||
throw new SignatureValidationException("Malformed signature. Signature has no signature creation time subpacket in its hashed area.");
|
||||
throw new SignatureValidationException(
|
||||
"Malformed signature. Signature has no signature creation time subpacket in its hashed area.");
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -405,7 +426,8 @@ public abstract class SignatureValidator {
|
|||
Date signatureCreationTime = signature.getCreationTime();
|
||||
|
||||
if (keyCreationTime.after(signatureCreationTime)) {
|
||||
throw new SignatureValidationException("Signature predates key (key creation: " + keyCreationTime + ", signature creation: " + signatureCreationTime + ")");
|
||||
throw new SignatureValidationException("Signature predates key (key creation: " +
|
||||
keyCreationTime + ", signature creation: " + signatureCreationTime + ")");
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -425,7 +447,8 @@ public abstract class SignatureValidator {
|
|||
return;
|
||||
}
|
||||
boolean predatesBindingSig = true;
|
||||
Iterator<PGPSignature> bindingSignatures = signingKey.getSignaturesOfType(SignatureType.SUBKEY_BINDING.getCode());
|
||||
Iterator<PGPSignature> bindingSignatures =
|
||||
signingKey.getSignaturesOfType(SignatureType.SUBKEY_BINDING.getCode());
|
||||
if (!bindingSignatures.hasNext()) {
|
||||
throw new SignatureValidationException("Signing subkey does not have a subkey binding signature.");
|
||||
}
|
||||
|
@ -436,7 +459,8 @@ public abstract class SignatureValidator {
|
|||
}
|
||||
}
|
||||
if (predatesBindingSig) {
|
||||
throw new SignatureValidationException("Signature was created before the signing key was bound to the key ring.");
|
||||
throw new SignatureValidationException(
|
||||
"Signature was created before the signing key was bound to the key ring.");
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -457,7 +481,8 @@ public abstract class SignatureValidator {
|
|||
throw new SignatureValidationException("Primary key cannot be its own subkey.");
|
||||
}
|
||||
try {
|
||||
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), primaryKey);
|
||||
signature.init(ImplementationFactory.getInstance()
|
||||
.getPGPContentVerifierBuilderProvider(), primaryKey);
|
||||
boolean valid = signature.verifyCertification(primaryKey, subkey);
|
||||
if (!valid) {
|
||||
throw new SignatureValidationException("Signature is not correct.");
|
||||
|
@ -487,7 +512,8 @@ public abstract class SignatureValidator {
|
|||
throw new SignatureValidationException("Primary Key Binding Signature is not correct.");
|
||||
}
|
||||
} catch (PGPException | ClassCastException e) {
|
||||
throw new SignatureValidationException("Cannot verify primary key binding signature correctness", e);
|
||||
throw new SignatureValidationException(
|
||||
"Cannot verify primary key binding signature correctness", e);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -554,7 +580,8 @@ public abstract class SignatureValidator {
|
|||
}
|
||||
}
|
||||
if (!valid) {
|
||||
throw new SignatureValidationException("Signature is of type " + type + " while only " + Arrays.toString(signatureTypes) + " are allowed here.");
|
||||
throw new SignatureValidationException("Signature is of type " + type + " while only " +
|
||||
Arrays.toString(signatureTypes) + " are allowed here.");
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -568,18 +595,22 @@ public abstract class SignatureValidator {
|
|||
* @param certifyingKey key that created the signature.
|
||||
* @return validator
|
||||
*/
|
||||
public static SignatureValidator correctSignatureOverUserId(String userId, PGPPublicKey certifiedKey, PGPPublicKey certifyingKey) {
|
||||
public static SignatureValidator correctSignatureOverUserId(String userId, PGPPublicKey certifiedKey,
|
||||
PGPPublicKey certifyingKey) {
|
||||
return new SignatureValidator() {
|
||||
@Override
|
||||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
try {
|
||||
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), certifyingKey);
|
||||
signature.init(ImplementationFactory.getInstance()
|
||||
.getPGPContentVerifierBuilderProvider(), certifyingKey);
|
||||
boolean valid = signature.verifyCertification(userId, certifiedKey);
|
||||
if (!valid) {
|
||||
throw new SignatureValidationException("Signature over user-id '" + userId + "' is not correct.");
|
||||
throw new SignatureValidationException("Signature over user-id '" + userId +
|
||||
"' is not correct.");
|
||||
}
|
||||
} catch (PGPException | ClassCastException e) {
|
||||
throw new SignatureValidationException("Cannot verify signature over user-id '" + userId + "'.", e);
|
||||
throw new SignatureValidationException("Cannot verify signature over user-id '" +
|
||||
userId + "'.", e);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -593,12 +624,15 @@ public abstract class SignatureValidator {
|
|||
* @param certifyingKey key that created the certification signature
|
||||
* @return validator
|
||||
*/
|
||||
public static SignatureValidator correctSignatureOverUserAttributes(PGPUserAttributeSubpacketVector userAttributes, PGPPublicKey certifiedKey, PGPPublicKey certifyingKey) {
|
||||
public static SignatureValidator correctSignatureOverUserAttributes(PGPUserAttributeSubpacketVector userAttributes,
|
||||
PGPPublicKey certifiedKey,
|
||||
PGPPublicKey certifyingKey) {
|
||||
return new SignatureValidator() {
|
||||
@Override
|
||||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
try {
|
||||
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), certifyingKey);
|
||||
signature.init(ImplementationFactory.getInstance()
|
||||
.getPGPContentVerifierBuilderProvider(), certifyingKey);
|
||||
boolean valid = signature.verifyCertification(userAttributes, certifiedKey);
|
||||
if (!valid) {
|
||||
throw new SignatureValidationException("Signature over user-attribute vector is not correct.");
|
||||
|
@ -616,12 +650,16 @@ public abstract class SignatureValidator {
|
|||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
Date timestamp = signature.getCreationTime();
|
||||
if (notBefore != null && timestamp.before(notBefore)) {
|
||||
throw new SignatureValidationException("Signature was made before the earliest allowed signature creation time. Created: " +
|
||||
DateUtil.formatUTCDate(timestamp) + " Earliest allowed: " + DateUtil.formatUTCDate(notBefore));
|
||||
throw new SignatureValidationException(
|
||||
"Signature was made before the earliest allowed signature creation time. Created: " +
|
||||
DateUtil.formatUTCDate(timestamp) + " Earliest allowed: " +
|
||||
DateUtil.formatUTCDate(notBefore));
|
||||
}
|
||||
if (notAfter != null && timestamp.after(notAfter)) {
|
||||
throw new SignatureValidationException("Signature was made after the latest allowed signature creation time. Created: " +
|
||||
DateUtil.formatUTCDate(timestamp) + " Latest allowed: " + DateUtil.formatUTCDate(notAfter));
|
||||
throw new SignatureValidationException(
|
||||
"Signature was made after the latest allowed signature creation time. Created: " +
|
||||
DateUtil.formatUTCDate(timestamp) + " Latest allowed: " +
|
||||
DateUtil.formatUTCDate(notAfter));
|
||||
}
|
||||
}
|
||||
};
|
||||
|
|
|
@ -36,12 +36,13 @@ public final class SignatureVerifier {
|
|||
* @param signingKey key that created the certification
|
||||
* @param keyWithUserId key carrying the user-id
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if signature verification is successful
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate)
|
||||
public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey signingKey,
|
||||
PGPPublicKey keyWithUserId, Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureType type = SignatureType.valueOf(signature.getSignatureType());
|
||||
switch (type) {
|
||||
|
@ -49,9 +50,9 @@ public final class SignatureVerifier {
|
|||
case NO_CERTIFICATION:
|
||||
case CASUAL_CERTIFICATION:
|
||||
case POSITIVE_CERTIFICATION:
|
||||
return verifyUserIdCertification(userId, signature, signingKey, keyWithUserId, policy, validationDate);
|
||||
return verifyUserIdCertification(userId, signature, signingKey, keyWithUserId, policy, referenceDate);
|
||||
case CERTIFICATION_REVOCATION:
|
||||
return verifyUserIdRevocation(userId, signature, signingKey, keyWithUserId, policy, validationDate);
|
||||
return verifyUserIdRevocation(userId, signature, signingKey, keyWithUserId, policy, referenceDate);
|
||||
default:
|
||||
throw new SignatureValidationException("Signature is not a valid user-id certification/revocation signature: " + type);
|
||||
}
|
||||
|
@ -64,14 +65,15 @@ public final class SignatureVerifier {
|
|||
* @param signature certification signature
|
||||
* @param primaryKey primary key
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the self-signature is verified successfully
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate)
|
||||
public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey primaryKey,
|
||||
Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
return verifyUserIdCertification(userId, signature, primaryKey, primaryKey, policy, validationDate);
|
||||
return verifyUserIdCertification(userId, signature, primaryKey, primaryKey, policy, referenceDate);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -82,17 +84,18 @@ public final class SignatureVerifier {
|
|||
* @param signingKey key that created the certification
|
||||
* @param keyWithUserId primary key that carries the user-id
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if signature verification is successful
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate)
|
||||
public static boolean verifyUserIdCertification(String userId, PGPSignature signature, PGPPublicKey signingKey,
|
||||
PGPPublicKey keyWithUserId, Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature);
|
||||
SignatureValidator.signatureIsCertification().verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(validationDate).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(referenceDate).verify(signature);
|
||||
SignatureValidator.correctSignatureOverUserId(userId, keyWithUserId, signingKey).verify(signature);
|
||||
|
||||
return true;
|
||||
|
@ -105,14 +108,15 @@ public final class SignatureVerifier {
|
|||
* @param signature user-id revocation signature
|
||||
* @param primaryKey primary key
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the user-id revocation signature is successfully verified
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate)
|
||||
public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey primaryKey,
|
||||
Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
return verifyUserIdRevocation(userId, signature, primaryKey, primaryKey, policy, validationDate);
|
||||
return verifyUserIdRevocation(userId, signature, primaryKey, primaryKey, policy, referenceDate);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -123,17 +127,18 @@ public final class SignatureVerifier {
|
|||
* @param signingKey key that created the revocation signature
|
||||
* @param keyWithUserId primary key carrying the user-id
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the user-id revocation signature is successfully verified
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey keyWithUserId, Policy policy, Date validationDate)
|
||||
public static boolean verifyUserIdRevocation(String userId, PGPSignature signature, PGPPublicKey signingKey,
|
||||
PGPPublicKey keyWithUserId, Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature);
|
||||
SignatureValidator.signatureIsOfType(SignatureType.CERTIFICATION_REVOCATION).verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(validationDate).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(referenceDate).verify(signature);
|
||||
SignatureValidator.correctSignatureOverUserId(userId, keyWithUserId, signingKey).verify(signature);
|
||||
|
||||
return true;
|
||||
|
@ -146,16 +151,17 @@ public final class SignatureVerifier {
|
|||
* @param signature certification self-signature
|
||||
* @param primaryKey primary key that carries the user-attributes
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the signature can be verified successfully
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyUserAttributesCertification(PGPUserAttributeSubpacketVector userAttributes,
|
||||
PGPSignature signature, PGPPublicKey primaryKey,
|
||||
Policy policy, Date validationDate)
|
||||
Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
return verifyUserAttributesCertification(userAttributes, signature, primaryKey, primaryKey, policy, validationDate);
|
||||
return verifyUserAttributesCertification(userAttributes, signature, primaryKey, primaryKey, policy,
|
||||
referenceDate);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -166,7 +172,7 @@ public final class SignatureVerifier {
|
|||
* @param signingKey key that created the user-attributes certification
|
||||
* @param keyWithUserAttributes key that carries the user-attributes certification
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the signature can be verified successfully
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
|
@ -174,13 +180,14 @@ public final class SignatureVerifier {
|
|||
public static boolean verifyUserAttributesCertification(PGPUserAttributeSubpacketVector userAttributes,
|
||||
PGPSignature signature, PGPPublicKey signingKey,
|
||||
PGPPublicKey keyWithUserAttributes, Policy policy,
|
||||
Date validationDate)
|
||||
Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature);
|
||||
SignatureValidator.signatureIsCertification().verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(validationDate).verify(signature);
|
||||
SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(referenceDate).verify(signature);
|
||||
SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey)
|
||||
.verify(signature);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -192,16 +199,16 @@ public final class SignatureVerifier {
|
|||
* @param signature user-attributes revocation signature
|
||||
* @param primaryKey primary key that carries the user-attributes
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the revocation signature can be verified successfully
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyUserAttributesRevocation(PGPUserAttributeSubpacketVector userAttributes,
|
||||
PGPSignature signature, PGPPublicKey primaryKey,
|
||||
Policy policy, Date validationDate)
|
||||
Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
return verifyUserAttributesRevocation(userAttributes, signature, primaryKey, primaryKey, policy, validationDate);
|
||||
return verifyUserAttributesRevocation(userAttributes, signature, primaryKey, primaryKey, policy, referenceDate);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -212,7 +219,7 @@ public final class SignatureVerifier {
|
|||
* @param signingKey revocation key
|
||||
* @param keyWithUserAttributes key that carries the user-attributes
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the revocation signature can be verified successfully
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
|
@ -220,13 +227,14 @@ public final class SignatureVerifier {
|
|||
public static boolean verifyUserAttributesRevocation(PGPUserAttributeSubpacketVector userAttributes,
|
||||
PGPSignature signature, PGPPublicKey signingKey,
|
||||
PGPPublicKey keyWithUserAttributes, Policy policy,
|
||||
Date validationDate)
|
||||
Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature);
|
||||
SignatureValidator.signatureIsOfType(SignatureType.CERTIFICATION_REVOCATION).verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(validationDate).verify(signature);
|
||||
SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(referenceDate).verify(signature);
|
||||
SignatureValidator.correctSignatureOverUserAttributes(userAttributes, keyWithUserAttributes, signingKey)
|
||||
.verify(signature);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -238,18 +246,20 @@ public final class SignatureVerifier {
|
|||
* @param primaryKey primary key
|
||||
* @param subkey subkey
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the binding signature can be verified successfully
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifySubkeyBindingSignature(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate)
|
||||
public static boolean verifySubkeyBindingSignature(PGPSignature signature, PGPPublicKey primaryKey,
|
||||
PGPPublicKey subkey, Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_BINDING).verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature);
|
||||
SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(validationDate).verify(signature);
|
||||
SignatureValidator.hasValidPrimaryKeyBindingSignatureIfRequired(primaryKey, subkey, policy, validationDate).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(referenceDate).verify(signature);
|
||||
SignatureValidator.hasValidPrimaryKeyBindingSignatureIfRequired(primaryKey, subkey, policy, referenceDate)
|
||||
.verify(signature);
|
||||
SignatureValidator.correctSubkeyBindingSignature(primaryKey, subkey).verify(signature);
|
||||
|
||||
return true;
|
||||
|
@ -262,16 +272,18 @@ public final class SignatureVerifier {
|
|||
* @param primaryKey primary key
|
||||
* @param subkey subkey
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the subkey revocation signature can be verified successfully
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifySubkeyBindingRevocation(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) throws SignatureValidationException {
|
||||
public static boolean verifySubkeyBindingRevocation(PGPSignature signature, PGPPublicKey primaryKey,
|
||||
PGPPublicKey subkey, Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_REVOCATION).verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature);
|
||||
SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(validationDate).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(referenceDate).verify(signature);
|
||||
SignatureValidator.correctSignatureOverKey(primaryKey, subkey).verify(signature);
|
||||
|
||||
return true;
|
||||
|
@ -283,14 +295,15 @@ public final class SignatureVerifier {
|
|||
* @param signature signature
|
||||
* @param primaryKey primary key
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the signature can be verified successfully
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate)
|
||||
public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey primaryKey,
|
||||
Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
return verifyDirectKeySignature(signature, primaryKey, primaryKey, policy, validationDate);
|
||||
return verifyDirectKeySignature(signature, primaryKey, primaryKey, policy, referenceDate);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -300,17 +313,18 @@ public final class SignatureVerifier {
|
|||
* @param signingKey signing key
|
||||
* @param signedKey signed key
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if signature verification is successful
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey signingKey, PGPPublicKey signedKey, Policy policy, Date validationDate)
|
||||
public static boolean verifyDirectKeySignature(PGPSignature signature, PGPPublicKey signingKey,
|
||||
PGPPublicKey signedKey, Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureValidator.signatureIsOfType(SignatureType.DIRECT_KEY).verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||
SignatureValidator.signatureDoesNotPredateSignee(signedKey).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(validationDate).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(referenceDate).verify(signature);
|
||||
SignatureValidator.correctSignatureOverKey(signingKey, signedKey).verify(signature);
|
||||
|
||||
return true;
|
||||
|
@ -322,16 +336,17 @@ public final class SignatureVerifier {
|
|||
* @param signature signature
|
||||
* @param primaryKey primary key
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if signature verification is successful
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyKeyRevocationSignature(PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate)
|
||||
public static boolean verifyKeyRevocationSignature(PGPSignature signature, PGPPublicKey primaryKey,
|
||||
Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureValidator.signatureIsOfType(SignatureType.KEY_REVOCATION).verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(validationDate).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(referenceDate).verify(signature);
|
||||
SignatureValidator.correctSignatureOverKey(primaryKey, primaryKey).verify(signature);
|
||||
|
||||
return true;
|
||||
|
@ -344,14 +359,16 @@ public final class SignatureVerifier {
|
|||
* @param signedData input stream containing the signed data
|
||||
* @param signingKey the key that created the signature
|
||||
* @param policy policy
|
||||
* @param validationDate reference date of signature verification
|
||||
* @param referenceDate reference date of signature verification
|
||||
* @return true if the signature is successfully verified
|
||||
*
|
||||
* @throws SignatureValidationException if the signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyUninitializedSignature(PGPSignature signature, InputStream signedData, PGPPublicKey signingKey, Policy policy, Date validationDate) throws SignatureValidationException {
|
||||
public static boolean verifyUninitializedSignature(PGPSignature signature, InputStream signedData,
|
||||
PGPPublicKey signingKey, Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
initializeSignatureAndUpdateWithSignedData(signature, signedData, signingKey);
|
||||
return verifyInitializedSignature(signature, signingKey, policy, validationDate);
|
||||
return verifyInitializedSignature(signature, signingKey, policy, referenceDate);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -363,7 +380,8 @@ public final class SignatureVerifier {
|
|||
*
|
||||
* @throws SignatureValidationException in case the signature cannot be verified for some reason
|
||||
*/
|
||||
public static void initializeSignatureAndUpdateWithSignedData(PGPSignature signature, InputStream signedData, PGPPublicKey signingKey)
|
||||
public static void initializeSignatureAndUpdateWithSignedData(PGPSignature signature, InputStream signedData,
|
||||
PGPPublicKey signingKey)
|
||||
throws SignatureValidationException {
|
||||
try {
|
||||
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey);
|
||||
|
@ -399,16 +417,17 @@ public final class SignatureVerifier {
|
|||
* @param signature OpenPGP signature
|
||||
* @param signingKey key that created the signature
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if signature is verified successfully
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifyInitializedSignature(PGPSignature signature, PGPPublicKey signingKey, Policy policy, Date validationDate)
|
||||
public static boolean verifyInitializedSignature(PGPSignature signature, PGPPublicKey signingKey, Policy policy,
|
||||
Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature);
|
||||
SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(validationDate).verify(signature);
|
||||
SignatureValidator.signatureIsEffective(referenceDate).verify(signature);
|
||||
|
||||
try {
|
||||
if (!signature.verify()) {
|
||||
|
@ -420,7 +439,8 @@ public final class SignatureVerifier {
|
|||
}
|
||||
}
|
||||
|
||||
public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, OnePassSignatureCheck onePassSignature, Policy policy)
|
||||
public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey,
|
||||
OnePassSignatureCheck onePassSignature, Policy policy)
|
||||
throws SignatureValidationException {
|
||||
try {
|
||||
SignatureValidator.wasPossiblyMadeByKey(signingKey).verify(signature);
|
||||
|
@ -435,10 +455,12 @@ public final class SignatureVerifier {
|
|||
throw new IllegalStateException("No comparison signature provided.");
|
||||
}
|
||||
if (!onePassSignature.getOnePassSignature().verify(signature)) {
|
||||
throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID()));
|
||||
throw new SignatureValidationException("Bad signature of key " +
|
||||
Long.toHexString(signingKey.getKeyID()));
|
||||
}
|
||||
} catch (PGPException e) {
|
||||
throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e);
|
||||
throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " +
|
||||
e.getMessage(), e);
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@ -451,13 +473,14 @@ public final class SignatureVerifier {
|
|||
* @param signature self-signature
|
||||
* @param primaryKey primary key that created the signature
|
||||
* @param policy policy
|
||||
* @param validationDate reference date for signature verification
|
||||
* @param referenceDate reference date for signature verification
|
||||
* @return true if the signature is successfully verified
|
||||
*
|
||||
* @throws SignatureValidationException if signature verification fails for some reason
|
||||
*/
|
||||
public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey primaryKey, Policy policy, Date validationDate)
|
||||
public static boolean verifySignatureOverUserId(String userId, PGPSignature signature, PGPPublicKey primaryKey,
|
||||
Policy policy, Date referenceDate)
|
||||
throws SignatureValidationException {
|
||||
return verifySignatureOverUserId(userId, signature, primaryKey, primaryKey, policy, validationDate);
|
||||
return verifySignatureOverUserId(userId, signature, primaryKey, primaryKey, policy, referenceDate);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue