mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-26 22:32:07 +01:00
Refactoring
This commit is contained in:
parent
5a9b8a2c50
commit
8c3b694a71
GPG key ID:
62BEE9264BF17311
8 changed files with 94 additions and 91 deletions
|
|
@ -28,7 +28,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|||
import org.bouncycastle.util.io.Streams;
|
||||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.signature.DetachedSignature;
|
||||
import org.pgpainless.signature.SignatureChainValidator;
|
||||
import org.pgpainless.signature.CertificateValidator;
|
||||
import org.pgpainless.exception.SignatureValidationException;
|
||||
import org.pgpainless.util.IntegrityProtectedInputStream;
|
||||
|
||||
|
|
@ -105,7 +105,7 @@ public class DecryptionStream extends InputStream {
|
|||
for (DetachedSignature s : resultBuilder.getDetachedSignatures()) {
|
||||
try {
|
||||
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(s.getSignature());
|
||||
boolean verified = SignatureChainValidator.validateSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy());
|
||||
boolean verified = CertificateValidator.validateCertificateAndVerifyInitializedSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy());
|
||||
s.setVerified(verified);
|
||||
} catch (SignatureValidationException e) {
|
||||
LOGGER.log(Level.WARNING, "Could not verify signature of key " + s.getSigningKeyIdentifier(), e);
|
||||
|
|
|
|||
|
|
@ -20,21 +20,20 @@ import static org.pgpainless.signature.SignatureValidator.verifySignatureCreatio
|
|||
import java.io.FilterInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.SignatureException;
|
||||
import java.util.Map;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import javax.annotation.Nonnull;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPObjectFactory;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.PGPSignatureList;
|
||||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.exception.SignatureValidationException;
|
||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||
import org.pgpainless.policy.Policy;
|
||||
import org.pgpainless.signature.OnePassSignature;
|
||||
import org.pgpainless.signature.SignatureChainValidator;
|
||||
import org.pgpainless.signature.CertificateValidator;
|
||||
|
||||
public class SignatureVerifyingInputStream extends FilterInputStream {
|
||||
|
||||
|
|
@ -103,7 +102,7 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
|
|||
}
|
||||
|
||||
verifySignatureOrThrowSignatureException(signature, onePassSignature);
|
||||
} catch (PGPException | SignatureException e) {
|
||||
} catch (SignatureValidationException e) {
|
||||
LOGGER.log(LEVEL, "One-pass-signature verification failed for signature made by key " +
|
||||
Long.toHexString(signature.getKeyID()) + ": " + e.getMessage(), e);
|
||||
}
|
||||
|
|
@ -111,10 +110,10 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
|
|||
}
|
||||
|
||||
private void verifySignatureOrThrowSignatureException(PGPSignature signature, OnePassSignature onePassSignature)
|
||||
throws PGPException, SignatureException {
|
||||
throws SignatureValidationException {
|
||||
Policy policy = PGPainless.getPolicy();
|
||||
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(signature);
|
||||
SignatureChainValidator.validateOnePassSignature(signature, onePassSignature, policy);
|
||||
CertificateValidator.validateCertificateAndVerifyOnePassSignature(signature, onePassSignature, policy);
|
||||
}
|
||||
|
||||
private OnePassSignature findOnePassSignature(OpenPgpV4Fingerprint fingerprint) {
|
||||
|
|
|
|||
|
|
@ -15,12 +15,9 @@
|
|||
*/
|
||||
package org.pgpainless.signature;
|
||||
|
||||
import static org.pgpainless.signature.SignatureValidator.signatureIsEffective;
|
||||
import static org.pgpainless.signature.SignatureValidator.signatureStructureIsAcceptable;
|
||||
import static org.pgpainless.signature.SignatureValidator.verifyWasPossiblyMadeByKey;
|
||||
import static org.pgpainless.signature.SignatureValidator.verifyOnePassSignature;
|
||||
|
||||
import java.io.InputStream;
|
||||
import java.security.SignatureException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
|
|
@ -33,7 +30,6 @@ import java.util.logging.Logger;
|
|||
|
||||
import org.bouncycastle.bcpg.sig.KeyFlags;
|
||||
import org.bouncycastle.bcpg.sig.SignerUserID;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
|
|
@ -48,13 +44,13 @@ import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
|
|||
* Its responsibilities are checking if a signing key was eligible to create a certain signature
|
||||
* and if the signature is valid at the time of validation.
|
||||
*/
|
||||
public final class SignatureChainValidator {
|
||||
public final class CertificateValidator {
|
||||
|
||||
private SignatureChainValidator() {
|
||||
private CertificateValidator() {
|
||||
|
||||
}
|
||||
|
||||
private static final Logger LOGGER = Logger.getLogger(SignatureChainValidator.class.getName());
|
||||
private static final Logger LOGGER = Logger.getLogger(CertificateValidator.class.getName());
|
||||
|
||||
/**
|
||||
* Check if the signing key was eligible to create the provided signature.
|
||||
|
|
@ -71,7 +67,7 @@ public final class SignatureChainValidator {
|
|||
* @return true if the signing key was eligible to create the signature
|
||||
* @throws SignatureValidationException in case of a validation constraint violation
|
||||
*/
|
||||
public static boolean validateSigningKey(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy)
|
||||
public static boolean validateCertificate(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy)
|
||||
throws SignatureValidationException {
|
||||
|
||||
Map<PGPSignature, Exception> rejections = new ConcurrentHashMap<>();
|
||||
|
|
@ -240,13 +236,13 @@ public final class SignatureChainValidator {
|
|||
* @return true if the signature is valid, false otherwise
|
||||
* @throws SignatureValidationException for validation constraint violations
|
||||
*/
|
||||
public static boolean validateSignatureChain(PGPSignature signature,
|
||||
InputStream signedData,
|
||||
PGPPublicKeyRing signingKeyRing,
|
||||
Policy policy,
|
||||
Date validationDate)
|
||||
public static boolean validateCertificateAndVerifyUninitializedSignature(PGPSignature signature,
|
||||
InputStream signedData,
|
||||
PGPPublicKeyRing signingKeyRing,
|
||||
Policy policy,
|
||||
Date validationDate)
|
||||
throws SignatureValidationException {
|
||||
validateSigningKey(signature, signingKeyRing, policy);
|
||||
validateCertificate(signature, signingKeyRing, policy);
|
||||
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
||||
return SignatureValidator.verifyUninitializedSignature(signature, signedData, signingKeyRing.getPublicKey(keyId), policy, validationDate);
|
||||
}
|
||||
|
|
@ -261,34 +257,20 @@ public final class SignatureChainValidator {
|
|||
* @return true if the signature is valid, false otherwise
|
||||
* @throws SignatureValidationException in case of a validation constraint violation
|
||||
*/
|
||||
public static boolean validateSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy)
|
||||
public static boolean validateCertificateAndVerifyInitializedSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy)
|
||||
throws SignatureValidationException {
|
||||
validateSigningKey(signature, verificationKeys, policy);
|
||||
validateCertificate(signature, verificationKeys, policy);
|
||||
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
||||
PGPPublicKey signingKey = verificationKeys.getPublicKey(keyId);
|
||||
SignatureValidator.verifyInitializedSignature(signature, signingKey, policy, signature.getCreationTime());
|
||||
return true;
|
||||
}
|
||||
|
||||
public static boolean validateOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy) throws PGPException, SignatureException {
|
||||
public static boolean validateCertificateAndVerifyOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy)
|
||||
throws SignatureValidationException {
|
||||
validateCertificate(signature, onePassSignature.getVerificationKeys(), policy);
|
||||
PGPPublicKey signingKey = onePassSignature.getVerificationKeys().getPublicKey(signature.getKeyID());
|
||||
try {
|
||||
verifyWasPossiblyMadeByKey(signingKey, signature);
|
||||
signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||
signatureIsEffective().verify(signature);
|
||||
} catch (SignatureValidationException e) {
|
||||
throw new SignatureException("Signature is not valid: " + e.getMessage(), e);
|
||||
}
|
||||
|
||||
try {
|
||||
validateSigningKey(signature, onePassSignature.getVerificationKeys(), policy);
|
||||
} catch (SignatureValidationException e) {
|
||||
throw new SignatureException("Signing key " + Long.toHexString(signingKey.getKeyID()) + " is not valid: " + e.getMessage(), e);
|
||||
}
|
||||
if (!onePassSignature.verify(signature)) {
|
||||
throw new SignatureException("Bad signature of key " + Long.toHexString(signingKey.getKeyID()));
|
||||
}
|
||||
|
||||
verifyOnePassSignature(signature, signingKey, onePassSignature, policy);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -83,8 +83,9 @@ public abstract class SignatureValidator {
|
|||
try {
|
||||
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey);
|
||||
int read;
|
||||
while ((read = signedData.read()) != -1) {
|
||||
signature.update((byte) read);
|
||||
byte[] buf = new byte[8192];
|
||||
while ((read = signedData.read(buf)) != -1) {
|
||||
signature.update(buf, 0, read);
|
||||
}
|
||||
} catch (PGPException e) {
|
||||
throw new SignatureValidationException("Cannot init signature.", e);
|
||||
|
|
@ -121,6 +122,27 @@ public abstract class SignatureValidator {
|
|||
}
|
||||
}
|
||||
|
||||
public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, OnePassSignature onePassSignature, Policy policy)
|
||||
throws SignatureValidationException {
|
||||
try {
|
||||
verifyWasPossiblyMadeByKey(signingKey, signature);
|
||||
signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||
signatureIsEffective().verify(signature);
|
||||
} catch (SignatureValidationException e) {
|
||||
throw new SignatureValidationException("Signature is not valid: " + e.getMessage(), e);
|
||||
}
|
||||
|
||||
try {
|
||||
if (!onePassSignature.verify(signature)) {
|
||||
throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID()));
|
||||
}
|
||||
} catch (PGPException e) {
|
||||
throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify a signature (certification or revocation) over a user-id.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ import org.bouncycastle.util.Strings;
|
|||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.exception.SignatureValidationException;
|
||||
import org.pgpainless.implementation.ImplementationFactory;
|
||||
import org.pgpainless.signature.SignatureChainValidator;
|
||||
import org.pgpainless.signature.CertificateValidator;
|
||||
import org.pgpainless.util.ArmoredInputStreamFactory;
|
||||
|
||||
/**
|
||||
|
|
@ -140,7 +140,7 @@ public class CleartextSignatureProcessor {
|
|||
}
|
||||
sigIn.close();
|
||||
|
||||
SignatureChainValidator.validateSignature(signature, signingKeyRing, PGPainless.getPolicy());
|
||||
CertificateValidator.validateCertificateAndVerifyInitializedSignature(signature, signingKeyRing, PGPainless.getPolicy());
|
||||
return signature;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2016,7 +2016,7 @@ public class BindingSignatureSubpacketsTest {
|
|||
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
||||
|
||||
try {
|
||||
SignatureChainValidator.validateSignatureChain(signature, getSignedData(data), publicKeys, policy, validationDate);
|
||||
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature, getSignedData(data), publicKeys, policy, validationDate);
|
||||
} catch (SignatureValidationException e) {
|
||||
// CHECKSTYLE:OFF
|
||||
e.printStackTrace();
|
||||
|
|
@ -2030,7 +2030,7 @@ public class BindingSignatureSubpacketsTest {
|
|||
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
||||
|
||||
assertThrows(SignatureValidationException.class, () ->
|
||||
SignatureChainValidator.validateSignatureChain(
|
||||
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
signature, getSignedData(data), publicKeys, policy, validationDate),
|
||||
message);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ import org.pgpainless.exception.SignatureValidationException;
|
|||
import org.pgpainless.implementation.ImplementationFactory;
|
||||
import org.pgpainless.policy.Policy;
|
||||
|
||||
public class SignatureChainValidatorTest {
|
||||
public class CertificateValidatorTest {
|
||||
|
||||
/**
|
||||
* Primary Key signs and is hard revoked with reason: unknown.
|
||||
|
|
@ -181,16 +181,16 @@ public class SignatureChainValidatorTest {
|
|||
Date validationDate = new Date();
|
||||
String data = "Hello, World";
|
||||
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signature predates primary key");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Primary key hard revoked");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
primaryKeyRevoked, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Primary key hard revoked");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
primaryKeyRevalidated, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Primary key hard revoked");
|
||||
}
|
||||
|
|
@ -333,16 +333,16 @@ public class SignatureChainValidatorTest {
|
|||
Date validationDate = new Date();
|
||||
String data = "Hello, World";
|
||||
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signature predates primary key");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signing key unbound + hard revocation");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
revokedSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Primary key is hard revoked");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
revalidatedSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Primary key is hard revoked");
|
||||
}
|
||||
|
|
@ -486,16 +486,16 @@ public class SignatureChainValidatorTest {
|
|||
Date validationDate = new Date();
|
||||
String data = "Hello World :)";
|
||||
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signature predates primary key");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
unboundKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signing key unbound + hard revocation");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
afterHardRevocation, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Hard revocation invalidates key at all times");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
afterRevalidation, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Hard revocation invalidates key at all times");
|
||||
}
|
||||
|
|
@ -638,22 +638,22 @@ public class SignatureChainValidatorTest {
|
|||
String data = "Hello, World";
|
||||
|
||||
// Sig not valid, as it predates the signing key creation time
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, predatesPrimaryKey.getCreationTime()),
|
||||
"Signature predates primary key creation date");
|
||||
|
||||
// Sig valid
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
keyIsValid, getSignedData(data), publicKeys, policy, keyIsValid.getCreationTime()),
|
||||
"Signature is valid");
|
||||
|
||||
// Sig not valid, as the signing key is revoked
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
keyIsRevoked, getSignedData(data), publicKeys, policy, keyIsRevoked.getCreationTime()),
|
||||
"Signing key is revoked at this point");
|
||||
|
||||
// Sig valid, as the signing key is revalidated
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
keyIsRevalidated, getSignedData(data), publicKeys, policy, keyIsRevalidated.getCreationTime()),
|
||||
"Signature is valid, as signing key is revalidated");
|
||||
}
|
||||
|
|
@ -797,17 +797,17 @@ public class SignatureChainValidatorTest {
|
|||
String data = "Hello, World";
|
||||
Date validationDate = new Date();
|
||||
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signature predates primary key creation date");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
keyNotBound, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signing key is not bound at this point");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
keyRevoked, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signing key is revoked at this point");
|
||||
assertDoesNotThrow(() ->
|
||||
SignatureChainValidator.validateSignatureChain(
|
||||
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
valid, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signing key is revalidated");
|
||||
}
|
||||
|
|
@ -951,17 +951,17 @@ public class SignatureChainValidatorTest {
|
|||
Date validationDate = new Date();
|
||||
String data = "Hello, World";
|
||||
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signature predates primary key creation date");
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
valid, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Signature is valid");
|
||||
assertThrows(SignatureValidationException.class, () ->
|
||||
SignatureChainValidator.validateSignatureChain(
|
||||
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
revoked, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Primary key is revoked");
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
revalidated, getSignedData(data), publicKeys, policy, validationDate),
|
||||
"Primary key is re-legitimized");
|
||||
}
|
||||
|
|
@ -1292,43 +1292,43 @@ public class SignatureChainValidatorTest {
|
|||
Date validationDate = new Date();
|
||||
String data = "Hello World :)";
|
||||
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigAT0, getSignedData(data), keysA, policy, validationDate),
|
||||
"Signature predates key creation time");
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigAT1_T2, getSignedData(data), keysA, policy, validationDate),
|
||||
"Key valid");
|
||||
assertThrows(SignatureValidationException.class, () ->
|
||||
SignatureChainValidator.validateSignatureChain(
|
||||
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigAT2_T3, getSignedData(data), keysA, policy, validationDate),
|
||||
"Key is not valid, as subkey binding expired");
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigAT3_now, getSignedData(data), keysA, policy, validationDate),
|
||||
"Key is valid again");
|
||||
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigBT0, getSignedData(data), keysB, policy, validationDate),
|
||||
"Signature predates key creation time");
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigBT1_T2, getSignedData(data), keysB, policy, validationDate),
|
||||
"Key is valid");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigBT2_T3, getSignedData(data), keysB, policy, validationDate),
|
||||
"Primary key is not signing-capable");
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigBT3_now, getSignedData(data), keysB, policy, validationDate),
|
||||
"Key is valid again");
|
||||
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigCT0, getSignedData(data), keysC, policy, validationDate),
|
||||
"Signature predates key creation time");
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigCT1_T2, getSignedData(data), keysC, policy, validationDate),
|
||||
"Key is valid");
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigCT2_T3, getSignedData(data), keysC, policy, validationDate),
|
||||
"Key is revoked");
|
||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
||||
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||
sigCT3_now, getSignedData(data), keysC, policy, validationDate),
|
||||
"Key is valid again");
|
||||
}
|
||||
|
|
@ -164,16 +164,16 @@ public class KeyRevocationTest {
|
|||
PGPSignature t2t3 = SignatureUtils.readSignatures(sigT2T3).get(0);
|
||||
PGPSignature t3now = SignatureUtils.readSignatures(sigT3Now).get(0);
|
||||
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t0,
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t0,
|
||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||
publicKeys, PGPainless.getPolicy(), new Date()));
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t1t2,
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t1t2,
|
||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||
publicKeys, PGPainless.getPolicy(), new Date()));
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t2t3,
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t2t3,
|
||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||
publicKeys, PGPainless.getPolicy(), new Date()));
|
||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t3now,
|
||||
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t3now,
|
||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||
publicKeys, PGPainless.getPolicy(), new Date()));
|
||||
}
|
||||
|
|
@ -267,7 +267,7 @@ public class KeyRevocationTest {
|
|||
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
|
||||
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
||||
|
||||
SignatureChainValidator.validateSignatureChain(signature,
|
||||
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature,
|
||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||
publicKeys, PGPainless.getPolicy(), new Date());
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue