diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStream.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStream.java index c04229b2..3313e069 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStream.java +++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStream.java @@ -28,7 +28,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.util.io.Streams; import org.pgpainless.PGPainless; import org.pgpainless.signature.DetachedSignature; -import org.pgpainless.signature.SignatureChainValidator; +import org.pgpainless.signature.CertificateValidator; import org.pgpainless.exception.SignatureValidationException; import org.pgpainless.util.IntegrityProtectedInputStream; @@ -105,7 +105,7 @@ public class DecryptionStream extends InputStream { for (DetachedSignature s : resultBuilder.getDetachedSignatures()) { try { verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(s.getSignature()); - boolean verified = SignatureChainValidator.validateSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy()); + boolean verified = CertificateValidator.validateCertificateAndVerifyInitializedSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy()); s.setVerified(verified); } catch (SignatureValidationException e) { LOGGER.log(Level.WARNING, "Could not verify signature of key " + s.getSigningKeyIdentifier(), e); diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/SignatureVerifyingInputStream.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/SignatureVerifyingInputStream.java index 902c80cd..fbbd8b21 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/SignatureVerifyingInputStream.java +++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/SignatureVerifyingInputStream.java @@ -20,21 +20,20 @@ import static org.pgpainless.signature.SignatureValidator.verifySignatureCreatio import java.io.FilterInputStream; import java.io.IOException; import java.io.InputStream; -import java.security.SignatureException; import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; import javax.annotation.Nonnull; -import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignatureList; import org.pgpainless.PGPainless; +import org.pgpainless.exception.SignatureValidationException; import org.pgpainless.key.OpenPgpV4Fingerprint; import org.pgpainless.policy.Policy; import org.pgpainless.signature.OnePassSignature; -import org.pgpainless.signature.SignatureChainValidator; +import org.pgpainless.signature.CertificateValidator; public class SignatureVerifyingInputStream extends FilterInputStream { @@ -103,7 +102,7 @@ public class SignatureVerifyingInputStream extends FilterInputStream { } verifySignatureOrThrowSignatureException(signature, onePassSignature); - } catch (PGPException | SignatureException e) { + } catch (SignatureValidationException e) { LOGGER.log(LEVEL, "One-pass-signature verification failed for signature made by key " + Long.toHexString(signature.getKeyID()) + ": " + e.getMessage(), e); } @@ -111,10 +110,10 @@ public class SignatureVerifyingInputStream extends FilterInputStream { } private void verifySignatureOrThrowSignatureException(PGPSignature signature, OnePassSignature onePassSignature) - throws PGPException, SignatureException { + throws SignatureValidationException { Policy policy = PGPainless.getPolicy(); verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(signature); - SignatureChainValidator.validateOnePassSignature(signature, onePassSignature, policy); + CertificateValidator.validateCertificateAndVerifyOnePassSignature(signature, onePassSignature, policy); } private OnePassSignature findOnePassSignature(OpenPgpV4Fingerprint fingerprint) { diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureChainValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/CertificateValidator.java similarity index 85% rename from pgpainless-core/src/main/java/org/pgpainless/signature/SignatureChainValidator.java rename to pgpainless-core/src/main/java/org/pgpainless/signature/CertificateValidator.java index ecf8b4d7..15cc735a 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureChainValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/CertificateValidator.java @@ -15,12 +15,9 @@ */ package org.pgpainless.signature; -import static org.pgpainless.signature.SignatureValidator.signatureIsEffective; -import static org.pgpainless.signature.SignatureValidator.signatureStructureIsAcceptable; -import static org.pgpainless.signature.SignatureValidator.verifyWasPossiblyMadeByKey; +import static org.pgpainless.signature.SignatureValidator.verifyOnePassSignature; import java.io.InputStream; -import java.security.SignatureException; import java.util.ArrayList; import java.util.Collections; import java.util.Date; @@ -33,7 +30,6 @@ import java.util.logging.Logger; import org.bouncycastle.bcpg.sig.KeyFlags; import org.bouncycastle.bcpg.sig.SignerUserID; -import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSignature; @@ -48,13 +44,13 @@ import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil; * Its responsibilities are checking if a signing key was eligible to create a certain signature * and if the signature is valid at the time of validation. */ -public final class SignatureChainValidator { +public final class CertificateValidator { - private SignatureChainValidator() { + private CertificateValidator() { } - private static final Logger LOGGER = Logger.getLogger(SignatureChainValidator.class.getName()); + private static final Logger LOGGER = Logger.getLogger(CertificateValidator.class.getName()); /** * Check if the signing key was eligible to create the provided signature. @@ -71,7 +67,7 @@ public final class SignatureChainValidator { * @return true if the signing key was eligible to create the signature * @throws SignatureValidationException in case of a validation constraint violation */ - public static boolean validateSigningKey(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy) + public static boolean validateCertificate(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy) throws SignatureValidationException { Map rejections = new ConcurrentHashMap<>(); @@ -240,13 +236,13 @@ public final class SignatureChainValidator { * @return true if the signature is valid, false otherwise * @throws SignatureValidationException for validation constraint violations */ - public static boolean validateSignatureChain(PGPSignature signature, - InputStream signedData, - PGPPublicKeyRing signingKeyRing, - Policy policy, - Date validationDate) + public static boolean validateCertificateAndVerifyUninitializedSignature(PGPSignature signature, + InputStream signedData, + PGPPublicKeyRing signingKeyRing, + Policy policy, + Date validationDate) throws SignatureValidationException { - validateSigningKey(signature, signingKeyRing, policy); + validateCertificate(signature, signingKeyRing, policy); long keyId = SignatureUtils.determineIssuerKeyId(signature); return SignatureValidator.verifyUninitializedSignature(signature, signedData, signingKeyRing.getPublicKey(keyId), policy, validationDate); } @@ -261,34 +257,20 @@ public final class SignatureChainValidator { * @return true if the signature is valid, false otherwise * @throws SignatureValidationException in case of a validation constraint violation */ - public static boolean validateSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy) + public static boolean validateCertificateAndVerifyInitializedSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy) throws SignatureValidationException { - validateSigningKey(signature, verificationKeys, policy); + validateCertificate(signature, verificationKeys, policy); long keyId = SignatureUtils.determineIssuerKeyId(signature); PGPPublicKey signingKey = verificationKeys.getPublicKey(keyId); SignatureValidator.verifyInitializedSignature(signature, signingKey, policy, signature.getCreationTime()); return true; } - public static boolean validateOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy) throws PGPException, SignatureException { + public static boolean validateCertificateAndVerifyOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy) + throws SignatureValidationException { + validateCertificate(signature, onePassSignature.getVerificationKeys(), policy); PGPPublicKey signingKey = onePassSignature.getVerificationKeys().getPublicKey(signature.getKeyID()); - try { - verifyWasPossiblyMadeByKey(signingKey, signature); - signatureStructureIsAcceptable(signingKey, policy).verify(signature); - signatureIsEffective().verify(signature); - } catch (SignatureValidationException e) { - throw new SignatureException("Signature is not valid: " + e.getMessage(), e); - } - - try { - validateSigningKey(signature, onePassSignature.getVerificationKeys(), policy); - } catch (SignatureValidationException e) { - throw new SignatureException("Signing key " + Long.toHexString(signingKey.getKeyID()) + " is not valid: " + e.getMessage(), e); - } - if (!onePassSignature.verify(signature)) { - throw new SignatureException("Bad signature of key " + Long.toHexString(signingKey.getKeyID())); - } - + verifyOnePassSignature(signature, signingKey, onePassSignature, policy); return true; } } diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java index 18003077..14fa3ce7 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java @@ -83,8 +83,9 @@ public abstract class SignatureValidator { try { signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey); int read; - while ((read = signedData.read()) != -1) { - signature.update((byte) read); + byte[] buf = new byte[8192]; + while ((read = signedData.read(buf)) != -1) { + signature.update(buf, 0, read); } } catch (PGPException e) { throw new SignatureValidationException("Cannot init signature.", e); @@ -121,6 +122,27 @@ public abstract class SignatureValidator { } } + public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, OnePassSignature onePassSignature, Policy policy) + throws SignatureValidationException { + try { + verifyWasPossiblyMadeByKey(signingKey, signature); + signatureStructureIsAcceptable(signingKey, policy).verify(signature); + signatureIsEffective().verify(signature); + } catch (SignatureValidationException e) { + throw new SignatureValidationException("Signature is not valid: " + e.getMessage(), e); + } + + try { + if (!onePassSignature.verify(signature)) { + throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID())); + } + } catch (PGPException e) { + throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e); + } + + return true; + } + /** * Verify a signature (certification or revocation) over a user-id. * diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java b/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java index a78682bd..17e7316d 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java @@ -36,7 +36,7 @@ import org.bouncycastle.util.Strings; import org.pgpainless.PGPainless; import org.pgpainless.exception.SignatureValidationException; import org.pgpainless.implementation.ImplementationFactory; -import org.pgpainless.signature.SignatureChainValidator; +import org.pgpainless.signature.CertificateValidator; import org.pgpainless.util.ArmoredInputStreamFactory; /** @@ -140,7 +140,7 @@ public class CleartextSignatureProcessor { } sigIn.close(); - SignatureChainValidator.validateSignature(signature, signingKeyRing, PGPainless.getPolicy()); + CertificateValidator.validateCertificateAndVerifyInitializedSignature(signature, signingKeyRing, PGPainless.getPolicy()); return signature; } diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/BindingSignatureSubpacketsTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/BindingSignatureSubpacketsTest.java index 91a62079..36e71d05 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/BindingSignatureSubpacketsTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/BindingSignatureSubpacketsTest.java @@ -2016,7 +2016,7 @@ public class BindingSignatureSubpacketsTest { PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); try { - SignatureChainValidator.validateSignatureChain(signature, getSignedData(data), publicKeys, policy, validationDate); + CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature, getSignedData(data), publicKeys, policy, validationDate); } catch (SignatureValidationException e) { // CHECKSTYLE:OFF e.printStackTrace(); @@ -2030,7 +2030,7 @@ public class BindingSignatureSubpacketsTest { PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); assertThrows(SignatureValidationException.class, () -> - SignatureChainValidator.validateSignatureChain( + CertificateValidator.validateCertificateAndVerifyUninitializedSignature( signature, getSignedData(data), publicKeys, policy, validationDate), message); } diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureChainValidatorTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/CertificateValidatorTest.java similarity index 95% rename from pgpainless-core/src/test/java/org/pgpainless/signature/SignatureChainValidatorTest.java rename to pgpainless-core/src/test/java/org/pgpainless/signature/CertificateValidatorTest.java index 9fe6ed42..4be8e551 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureChainValidatorTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/CertificateValidatorTest.java @@ -40,7 +40,7 @@ import org.pgpainless.exception.SignatureValidationException; import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.policy.Policy; -public class SignatureChainValidatorTest { +public class CertificateValidatorTest { /** * Primary Key signs and is hard revoked with reason: unknown. @@ -181,16 +181,16 @@ public class SignatureChainValidatorTest { Date validationDate = new Date(); String data = "Hello, World"; - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), "Signature predates primary key"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( unboundSubkey, getSignedData(data), publicKeys, policy, validationDate), "Primary key hard revoked"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( primaryKeyRevoked, getSignedData(data), publicKeys, policy, validationDate), "Primary key hard revoked"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( primaryKeyRevalidated, getSignedData(data), publicKeys, policy, validationDate), "Primary key hard revoked"); } @@ -333,16 +333,16 @@ public class SignatureChainValidatorTest { Date validationDate = new Date(); String data = "Hello, World"; - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), "Signature predates primary key"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( unboundSubkey, getSignedData(data), publicKeys, policy, validationDate), "Signing key unbound + hard revocation"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( revokedSubkey, getSignedData(data), publicKeys, policy, validationDate), "Primary key is hard revoked"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( revalidatedSubkey, getSignedData(data), publicKeys, policy, validationDate), "Primary key is hard revoked"); } @@ -486,16 +486,16 @@ public class SignatureChainValidatorTest { Date validationDate = new Date(); String data = "Hello World :)"; - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), "Signature predates primary key"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( unboundKey, getSignedData(data), publicKeys, policy, validationDate), "Signing key unbound + hard revocation"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( afterHardRevocation, getSignedData(data), publicKeys, policy, validationDate), "Hard revocation invalidates key at all times"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( afterRevalidation, getSignedData(data), publicKeys, policy, validationDate), "Hard revocation invalidates key at all times"); } @@ -638,22 +638,22 @@ public class SignatureChainValidatorTest { String data = "Hello, World"; // Sig not valid, as it predates the signing key creation time - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( predatesPrimaryKey, getSignedData(data), publicKeys, policy, predatesPrimaryKey.getCreationTime()), "Signature predates primary key creation date"); // Sig valid - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( keyIsValid, getSignedData(data), publicKeys, policy, keyIsValid.getCreationTime()), "Signature is valid"); // Sig not valid, as the signing key is revoked - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( keyIsRevoked, getSignedData(data), publicKeys, policy, keyIsRevoked.getCreationTime()), "Signing key is revoked at this point"); // Sig valid, as the signing key is revalidated - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( keyIsRevalidated, getSignedData(data), publicKeys, policy, keyIsRevalidated.getCreationTime()), "Signature is valid, as signing key is revalidated"); } @@ -797,17 +797,17 @@ public class SignatureChainValidatorTest { String data = "Hello, World"; Date validationDate = new Date(); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), "Signature predates primary key creation date"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( keyNotBound, getSignedData(data), publicKeys, policy, validationDate), "Signing key is not bound at this point"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( keyRevoked, getSignedData(data), publicKeys, policy, validationDate), "Signing key is revoked at this point"); assertDoesNotThrow(() -> - SignatureChainValidator.validateSignatureChain( + CertificateValidator.validateCertificateAndVerifyUninitializedSignature( valid, getSignedData(data), publicKeys, policy, validationDate), "Signing key is revalidated"); } @@ -951,17 +951,17 @@ public class SignatureChainValidatorTest { Date validationDate = new Date(); String data = "Hello, World"; - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), "Signature predates primary key creation date"); - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( valid, getSignedData(data), publicKeys, policy, validationDate), "Signature is valid"); assertThrows(SignatureValidationException.class, () -> - SignatureChainValidator.validateSignatureChain( + CertificateValidator.validateCertificateAndVerifyUninitializedSignature( revoked, getSignedData(data), publicKeys, policy, validationDate), "Primary key is revoked"); - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( revalidated, getSignedData(data), publicKeys, policy, validationDate), "Primary key is re-legitimized"); } @@ -1292,43 +1292,43 @@ public class SignatureChainValidatorTest { Date validationDate = new Date(); String data = "Hello World :)"; - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigAT0, getSignedData(data), keysA, policy, validationDate), "Signature predates key creation time"); - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigAT1_T2, getSignedData(data), keysA, policy, validationDate), "Key valid"); assertThrows(SignatureValidationException.class, () -> - SignatureChainValidator.validateSignatureChain( + CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigAT2_T3, getSignedData(data), keysA, policy, validationDate), "Key is not valid, as subkey binding expired"); - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigAT3_now, getSignedData(data), keysA, policy, validationDate), "Key is valid again"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigBT0, getSignedData(data), keysB, policy, validationDate), "Signature predates key creation time"); - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigBT1_T2, getSignedData(data), keysB, policy, validationDate), "Key is valid"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigBT2_T3, getSignedData(data), keysB, policy, validationDate), "Primary key is not signing-capable"); - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigBT3_now, getSignedData(data), keysB, policy, validationDate), "Key is valid again"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigCT0, getSignedData(data), keysC, policy, validationDate), "Signature predates key creation time"); - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigCT1_T2, getSignedData(data), keysC, policy, validationDate), "Key is valid"); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigCT2_T3, getSignedData(data), keysC, policy, validationDate), "Key is revoked"); - assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( + assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature( sigCT3_now, getSignedData(data), keysC, policy, validationDate), "Key is valid again"); } diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/KeyRevocationTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/KeyRevocationTest.java index bd93b183..a2834e5d 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/KeyRevocationTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/KeyRevocationTest.java @@ -164,16 +164,16 @@ public class KeyRevocationTest { PGPSignature t2t3 = SignatureUtils.readSignatures(sigT2T3).get(0); PGPSignature t3now = SignatureUtils.readSignatures(sigT3Now).get(0); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t0, + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t0, new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), publicKeys, PGPainless.getPolicy(), new Date())); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t1t2, + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t1t2, new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), publicKeys, PGPainless.getPolicy(), new Date())); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t2t3, + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t2t3, new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), publicKeys, PGPainless.getPolicy(), new Date())); - assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t3now, + assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t3now, new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), publicKeys, PGPainless.getPolicy(), new Date())); } @@ -267,7 +267,7 @@ public class KeyRevocationTest { PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key); PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); - SignatureChainValidator.validateSignatureChain(signature, + CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature, new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), publicKeys, PGPainless.getPolicy(), new Date()); }