mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-30 08:12:06 +01:00
Refactoring
This commit is contained in:
parent
5a9b8a2c50
commit
8c3b694a71
8 changed files with 94 additions and 91 deletions
|
@ -28,7 +28,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.signature.DetachedSignature;
|
import org.pgpainless.signature.DetachedSignature;
|
||||||
import org.pgpainless.signature.SignatureChainValidator;
|
import org.pgpainless.signature.CertificateValidator;
|
||||||
import org.pgpainless.exception.SignatureValidationException;
|
import org.pgpainless.exception.SignatureValidationException;
|
||||||
import org.pgpainless.util.IntegrityProtectedInputStream;
|
import org.pgpainless.util.IntegrityProtectedInputStream;
|
||||||
|
|
||||||
|
@ -105,7 +105,7 @@ public class DecryptionStream extends InputStream {
|
||||||
for (DetachedSignature s : resultBuilder.getDetachedSignatures()) {
|
for (DetachedSignature s : resultBuilder.getDetachedSignatures()) {
|
||||||
try {
|
try {
|
||||||
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(s.getSignature());
|
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(s.getSignature());
|
||||||
boolean verified = SignatureChainValidator.validateSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy());
|
boolean verified = CertificateValidator.validateCertificateAndVerifyInitializedSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy());
|
||||||
s.setVerified(verified);
|
s.setVerified(verified);
|
||||||
} catch (SignatureValidationException e) {
|
} catch (SignatureValidationException e) {
|
||||||
LOGGER.log(Level.WARNING, "Could not verify signature of key " + s.getSigningKeyIdentifier(), e);
|
LOGGER.log(Level.WARNING, "Could not verify signature of key " + s.getSigningKeyIdentifier(), e);
|
||||||
|
|
|
@ -20,21 +20,20 @@ import static org.pgpainless.signature.SignatureValidator.verifySignatureCreatio
|
||||||
import java.io.FilterInputStream;
|
import java.io.FilterInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.security.SignatureException;
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPObjectFactory;
|
import org.bouncycastle.openpgp.PGPObjectFactory;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.openpgp.PGPSignatureList;
|
import org.bouncycastle.openpgp.PGPSignatureList;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.exception.SignatureValidationException;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||||
import org.pgpainless.policy.Policy;
|
import org.pgpainless.policy.Policy;
|
||||||
import org.pgpainless.signature.OnePassSignature;
|
import org.pgpainless.signature.OnePassSignature;
|
||||||
import org.pgpainless.signature.SignatureChainValidator;
|
import org.pgpainless.signature.CertificateValidator;
|
||||||
|
|
||||||
public class SignatureVerifyingInputStream extends FilterInputStream {
|
public class SignatureVerifyingInputStream extends FilterInputStream {
|
||||||
|
|
||||||
|
@ -103,7 +102,7 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
|
||||||
}
|
}
|
||||||
|
|
||||||
verifySignatureOrThrowSignatureException(signature, onePassSignature);
|
verifySignatureOrThrowSignatureException(signature, onePassSignature);
|
||||||
} catch (PGPException | SignatureException e) {
|
} catch (SignatureValidationException e) {
|
||||||
LOGGER.log(LEVEL, "One-pass-signature verification failed for signature made by key " +
|
LOGGER.log(LEVEL, "One-pass-signature verification failed for signature made by key " +
|
||||||
Long.toHexString(signature.getKeyID()) + ": " + e.getMessage(), e);
|
Long.toHexString(signature.getKeyID()) + ": " + e.getMessage(), e);
|
||||||
}
|
}
|
||||||
|
@ -111,10 +110,10 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void verifySignatureOrThrowSignatureException(PGPSignature signature, OnePassSignature onePassSignature)
|
private void verifySignatureOrThrowSignatureException(PGPSignature signature, OnePassSignature onePassSignature)
|
||||||
throws PGPException, SignatureException {
|
throws SignatureValidationException {
|
||||||
Policy policy = PGPainless.getPolicy();
|
Policy policy = PGPainless.getPolicy();
|
||||||
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(signature);
|
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(signature);
|
||||||
SignatureChainValidator.validateOnePassSignature(signature, onePassSignature, policy);
|
CertificateValidator.validateCertificateAndVerifyOnePassSignature(signature, onePassSignature, policy);
|
||||||
}
|
}
|
||||||
|
|
||||||
private OnePassSignature findOnePassSignature(OpenPgpV4Fingerprint fingerprint) {
|
private OnePassSignature findOnePassSignature(OpenPgpV4Fingerprint fingerprint) {
|
||||||
|
|
|
@ -15,12 +15,9 @@
|
||||||
*/
|
*/
|
||||||
package org.pgpainless.signature;
|
package org.pgpainless.signature;
|
||||||
|
|
||||||
import static org.pgpainless.signature.SignatureValidator.signatureIsEffective;
|
import static org.pgpainless.signature.SignatureValidator.verifyOnePassSignature;
|
||||||
import static org.pgpainless.signature.SignatureValidator.signatureStructureIsAcceptable;
|
|
||||||
import static org.pgpainless.signature.SignatureValidator.verifyWasPossiblyMadeByKey;
|
|
||||||
|
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.security.SignatureException;
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
@ -33,7 +30,6 @@ import java.util.logging.Logger;
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.sig.KeyFlags;
|
import org.bouncycastle.bcpg.sig.KeyFlags;
|
||||||
import org.bouncycastle.bcpg.sig.SignerUserID;
|
import org.bouncycastle.bcpg.sig.SignerUserID;
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
|
@ -48,13 +44,13 @@ import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
|
||||||
* Its responsibilities are checking if a signing key was eligible to create a certain signature
|
* Its responsibilities are checking if a signing key was eligible to create a certain signature
|
||||||
* and if the signature is valid at the time of validation.
|
* and if the signature is valid at the time of validation.
|
||||||
*/
|
*/
|
||||||
public final class SignatureChainValidator {
|
public final class CertificateValidator {
|
||||||
|
|
||||||
private SignatureChainValidator() {
|
private CertificateValidator() {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final Logger LOGGER = Logger.getLogger(SignatureChainValidator.class.getName());
|
private static final Logger LOGGER = Logger.getLogger(CertificateValidator.class.getName());
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if the signing key was eligible to create the provided signature.
|
* Check if the signing key was eligible to create the provided signature.
|
||||||
|
@ -71,7 +67,7 @@ public final class SignatureChainValidator {
|
||||||
* @return true if the signing key was eligible to create the signature
|
* @return true if the signing key was eligible to create the signature
|
||||||
* @throws SignatureValidationException in case of a validation constraint violation
|
* @throws SignatureValidationException in case of a validation constraint violation
|
||||||
*/
|
*/
|
||||||
public static boolean validateSigningKey(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy)
|
public static boolean validateCertificate(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy)
|
||||||
throws SignatureValidationException {
|
throws SignatureValidationException {
|
||||||
|
|
||||||
Map<PGPSignature, Exception> rejections = new ConcurrentHashMap<>();
|
Map<PGPSignature, Exception> rejections = new ConcurrentHashMap<>();
|
||||||
|
@ -240,13 +236,13 @@ public final class SignatureChainValidator {
|
||||||
* @return true if the signature is valid, false otherwise
|
* @return true if the signature is valid, false otherwise
|
||||||
* @throws SignatureValidationException for validation constraint violations
|
* @throws SignatureValidationException for validation constraint violations
|
||||||
*/
|
*/
|
||||||
public static boolean validateSignatureChain(PGPSignature signature,
|
public static boolean validateCertificateAndVerifyUninitializedSignature(PGPSignature signature,
|
||||||
InputStream signedData,
|
InputStream signedData,
|
||||||
PGPPublicKeyRing signingKeyRing,
|
PGPPublicKeyRing signingKeyRing,
|
||||||
Policy policy,
|
Policy policy,
|
||||||
Date validationDate)
|
Date validationDate)
|
||||||
throws SignatureValidationException {
|
throws SignatureValidationException {
|
||||||
validateSigningKey(signature, signingKeyRing, policy);
|
validateCertificate(signature, signingKeyRing, policy);
|
||||||
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
||||||
return SignatureValidator.verifyUninitializedSignature(signature, signedData, signingKeyRing.getPublicKey(keyId), policy, validationDate);
|
return SignatureValidator.verifyUninitializedSignature(signature, signedData, signingKeyRing.getPublicKey(keyId), policy, validationDate);
|
||||||
}
|
}
|
||||||
|
@ -261,34 +257,20 @@ public final class SignatureChainValidator {
|
||||||
* @return true if the signature is valid, false otherwise
|
* @return true if the signature is valid, false otherwise
|
||||||
* @throws SignatureValidationException in case of a validation constraint violation
|
* @throws SignatureValidationException in case of a validation constraint violation
|
||||||
*/
|
*/
|
||||||
public static boolean validateSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy)
|
public static boolean validateCertificateAndVerifyInitializedSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy)
|
||||||
throws SignatureValidationException {
|
throws SignatureValidationException {
|
||||||
validateSigningKey(signature, verificationKeys, policy);
|
validateCertificate(signature, verificationKeys, policy);
|
||||||
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
long keyId = SignatureUtils.determineIssuerKeyId(signature);
|
||||||
PGPPublicKey signingKey = verificationKeys.getPublicKey(keyId);
|
PGPPublicKey signingKey = verificationKeys.getPublicKey(keyId);
|
||||||
SignatureValidator.verifyInitializedSignature(signature, signingKey, policy, signature.getCreationTime());
|
SignatureValidator.verifyInitializedSignature(signature, signingKey, policy, signature.getCreationTime());
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static boolean validateOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy) throws PGPException, SignatureException {
|
public static boolean validateCertificateAndVerifyOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy)
|
||||||
|
throws SignatureValidationException {
|
||||||
|
validateCertificate(signature, onePassSignature.getVerificationKeys(), policy);
|
||||||
PGPPublicKey signingKey = onePassSignature.getVerificationKeys().getPublicKey(signature.getKeyID());
|
PGPPublicKey signingKey = onePassSignature.getVerificationKeys().getPublicKey(signature.getKeyID());
|
||||||
try {
|
verifyOnePassSignature(signature, signingKey, onePassSignature, policy);
|
||||||
verifyWasPossiblyMadeByKey(signingKey, signature);
|
|
||||||
signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
|
||||||
signatureIsEffective().verify(signature);
|
|
||||||
} catch (SignatureValidationException e) {
|
|
||||||
throw new SignatureException("Signature is not valid: " + e.getMessage(), e);
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
validateSigningKey(signature, onePassSignature.getVerificationKeys(), policy);
|
|
||||||
} catch (SignatureValidationException e) {
|
|
||||||
throw new SignatureException("Signing key " + Long.toHexString(signingKey.getKeyID()) + " is not valid: " + e.getMessage(), e);
|
|
||||||
}
|
|
||||||
if (!onePassSignature.verify(signature)) {
|
|
||||||
throw new SignatureException("Bad signature of key " + Long.toHexString(signingKey.getKeyID()));
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -83,8 +83,9 @@ public abstract class SignatureValidator {
|
||||||
try {
|
try {
|
||||||
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey);
|
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey);
|
||||||
int read;
|
int read;
|
||||||
while ((read = signedData.read()) != -1) {
|
byte[] buf = new byte[8192];
|
||||||
signature.update((byte) read);
|
while ((read = signedData.read(buf)) != -1) {
|
||||||
|
signature.update(buf, 0, read);
|
||||||
}
|
}
|
||||||
} catch (PGPException e) {
|
} catch (PGPException e) {
|
||||||
throw new SignatureValidationException("Cannot init signature.", e);
|
throw new SignatureValidationException("Cannot init signature.", e);
|
||||||
|
@ -121,6 +122,27 @@ public abstract class SignatureValidator {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, OnePassSignature onePassSignature, Policy policy)
|
||||||
|
throws SignatureValidationException {
|
||||||
|
try {
|
||||||
|
verifyWasPossiblyMadeByKey(signingKey, signature);
|
||||||
|
signatureStructureIsAcceptable(signingKey, policy).verify(signature);
|
||||||
|
signatureIsEffective().verify(signature);
|
||||||
|
} catch (SignatureValidationException e) {
|
||||||
|
throw new SignatureValidationException("Signature is not valid: " + e.getMessage(), e);
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
if (!onePassSignature.verify(signature)) {
|
||||||
|
throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID()));
|
||||||
|
}
|
||||||
|
} catch (PGPException e) {
|
||||||
|
throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e);
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verify a signature (certification or revocation) over a user-id.
|
* Verify a signature (certification or revocation) over a user-id.
|
||||||
*
|
*
|
||||||
|
|
|
@ -36,7 +36,7 @@ import org.bouncycastle.util.Strings;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.exception.SignatureValidationException;
|
import org.pgpainless.exception.SignatureValidationException;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.signature.SignatureChainValidator;
|
import org.pgpainless.signature.CertificateValidator;
|
||||||
import org.pgpainless.util.ArmoredInputStreamFactory;
|
import org.pgpainless.util.ArmoredInputStreamFactory;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -140,7 +140,7 @@ public class CleartextSignatureProcessor {
|
||||||
}
|
}
|
||||||
sigIn.close();
|
sigIn.close();
|
||||||
|
|
||||||
SignatureChainValidator.validateSignature(signature, signingKeyRing, PGPainless.getPolicy());
|
CertificateValidator.validateCertificateAndVerifyInitializedSignature(signature, signingKeyRing, PGPainless.getPolicy());
|
||||||
return signature;
|
return signature;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2016,7 +2016,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
SignatureChainValidator.validateSignatureChain(signature, getSignedData(data), publicKeys, policy, validationDate);
|
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature, getSignedData(data), publicKeys, policy, validationDate);
|
||||||
} catch (SignatureValidationException e) {
|
} catch (SignatureValidationException e) {
|
||||||
// CHECKSTYLE:OFF
|
// CHECKSTYLE:OFF
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
|
@ -2030,7 +2030,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () ->
|
assertThrows(SignatureValidationException.class, () ->
|
||||||
SignatureChainValidator.validateSignatureChain(
|
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
signature, getSignedData(data), publicKeys, policy, validationDate),
|
signature, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
message);
|
message);
|
||||||
}
|
}
|
||||||
|
|
|
@ -40,7 +40,7 @@ import org.pgpainless.exception.SignatureValidationException;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.policy.Policy;
|
import org.pgpainless.policy.Policy;
|
||||||
|
|
||||||
public class SignatureChainValidatorTest {
|
public class CertificateValidatorTest {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Primary Key signs and is hard revoked with reason: unknown.
|
* Primary Key signs and is hard revoked with reason: unknown.
|
||||||
|
@ -181,16 +181,16 @@ public class SignatureChainValidatorTest {
|
||||||
Date validationDate = new Date();
|
Date validationDate = new Date();
|
||||||
String data = "Hello, World";
|
String data = "Hello, World";
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signature predates primary key");
|
"Signature predates primary key");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Primary key hard revoked");
|
"Primary key hard revoked");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
primaryKeyRevoked, getSignedData(data), publicKeys, policy, validationDate),
|
primaryKeyRevoked, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Primary key hard revoked");
|
"Primary key hard revoked");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
primaryKeyRevalidated, getSignedData(data), publicKeys, policy, validationDate),
|
primaryKeyRevalidated, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Primary key hard revoked");
|
"Primary key hard revoked");
|
||||||
}
|
}
|
||||||
|
@ -333,16 +333,16 @@ public class SignatureChainValidatorTest {
|
||||||
Date validationDate = new Date();
|
Date validationDate = new Date();
|
||||||
String data = "Hello, World";
|
String data = "Hello, World";
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signature predates primary key");
|
"Signature predates primary key");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signing key unbound + hard revocation");
|
"Signing key unbound + hard revocation");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
revokedSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
revokedSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Primary key is hard revoked");
|
"Primary key is hard revoked");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
revalidatedSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
revalidatedSubkey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Primary key is hard revoked");
|
"Primary key is hard revoked");
|
||||||
}
|
}
|
||||||
|
@ -486,16 +486,16 @@ public class SignatureChainValidatorTest {
|
||||||
Date validationDate = new Date();
|
Date validationDate = new Date();
|
||||||
String data = "Hello World :)";
|
String data = "Hello World :)";
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signature predates primary key");
|
"Signature predates primary key");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
unboundKey, getSignedData(data), publicKeys, policy, validationDate),
|
unboundKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signing key unbound + hard revocation");
|
"Signing key unbound + hard revocation");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
afterHardRevocation, getSignedData(data), publicKeys, policy, validationDate),
|
afterHardRevocation, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Hard revocation invalidates key at all times");
|
"Hard revocation invalidates key at all times");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
afterRevalidation, getSignedData(data), publicKeys, policy, validationDate),
|
afterRevalidation, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Hard revocation invalidates key at all times");
|
"Hard revocation invalidates key at all times");
|
||||||
}
|
}
|
||||||
|
@ -638,22 +638,22 @@ public class SignatureChainValidatorTest {
|
||||||
String data = "Hello, World";
|
String data = "Hello, World";
|
||||||
|
|
||||||
// Sig not valid, as it predates the signing key creation time
|
// Sig not valid, as it predates the signing key creation time
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, predatesPrimaryKey.getCreationTime()),
|
predatesPrimaryKey, getSignedData(data), publicKeys, policy, predatesPrimaryKey.getCreationTime()),
|
||||||
"Signature predates primary key creation date");
|
"Signature predates primary key creation date");
|
||||||
|
|
||||||
// Sig valid
|
// Sig valid
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
keyIsValid, getSignedData(data), publicKeys, policy, keyIsValid.getCreationTime()),
|
keyIsValid, getSignedData(data), publicKeys, policy, keyIsValid.getCreationTime()),
|
||||||
"Signature is valid");
|
"Signature is valid");
|
||||||
|
|
||||||
// Sig not valid, as the signing key is revoked
|
// Sig not valid, as the signing key is revoked
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
keyIsRevoked, getSignedData(data), publicKeys, policy, keyIsRevoked.getCreationTime()),
|
keyIsRevoked, getSignedData(data), publicKeys, policy, keyIsRevoked.getCreationTime()),
|
||||||
"Signing key is revoked at this point");
|
"Signing key is revoked at this point");
|
||||||
|
|
||||||
// Sig valid, as the signing key is revalidated
|
// Sig valid, as the signing key is revalidated
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
keyIsRevalidated, getSignedData(data), publicKeys, policy, keyIsRevalidated.getCreationTime()),
|
keyIsRevalidated, getSignedData(data), publicKeys, policy, keyIsRevalidated.getCreationTime()),
|
||||||
"Signature is valid, as signing key is revalidated");
|
"Signature is valid, as signing key is revalidated");
|
||||||
}
|
}
|
||||||
|
@ -797,17 +797,17 @@ public class SignatureChainValidatorTest {
|
||||||
String data = "Hello, World";
|
String data = "Hello, World";
|
||||||
Date validationDate = new Date();
|
Date validationDate = new Date();
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signature predates primary key creation date");
|
"Signature predates primary key creation date");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
keyNotBound, getSignedData(data), publicKeys, policy, validationDate),
|
keyNotBound, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signing key is not bound at this point");
|
"Signing key is not bound at this point");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
keyRevoked, getSignedData(data), publicKeys, policy, validationDate),
|
keyRevoked, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signing key is revoked at this point");
|
"Signing key is revoked at this point");
|
||||||
assertDoesNotThrow(() ->
|
assertDoesNotThrow(() ->
|
||||||
SignatureChainValidator.validateSignatureChain(
|
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
valid, getSignedData(data), publicKeys, policy, validationDate),
|
valid, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signing key is revalidated");
|
"Signing key is revalidated");
|
||||||
}
|
}
|
||||||
|
@ -951,17 +951,17 @@ public class SignatureChainValidatorTest {
|
||||||
Date validationDate = new Date();
|
Date validationDate = new Date();
|
||||||
String data = "Hello, World";
|
String data = "Hello, World";
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signature predates primary key creation date");
|
"Signature predates primary key creation date");
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
valid, getSignedData(data), publicKeys, policy, validationDate),
|
valid, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Signature is valid");
|
"Signature is valid");
|
||||||
assertThrows(SignatureValidationException.class, () ->
|
assertThrows(SignatureValidationException.class, () ->
|
||||||
SignatureChainValidator.validateSignatureChain(
|
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
revoked, getSignedData(data), publicKeys, policy, validationDate),
|
revoked, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Primary key is revoked");
|
"Primary key is revoked");
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
revalidated, getSignedData(data), publicKeys, policy, validationDate),
|
revalidated, getSignedData(data), publicKeys, policy, validationDate),
|
||||||
"Primary key is re-legitimized");
|
"Primary key is re-legitimized");
|
||||||
}
|
}
|
||||||
|
@ -1292,43 +1292,43 @@ public class SignatureChainValidatorTest {
|
||||||
Date validationDate = new Date();
|
Date validationDate = new Date();
|
||||||
String data = "Hello World :)";
|
String data = "Hello World :)";
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigAT0, getSignedData(data), keysA, policy, validationDate),
|
sigAT0, getSignedData(data), keysA, policy, validationDate),
|
||||||
"Signature predates key creation time");
|
"Signature predates key creation time");
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigAT1_T2, getSignedData(data), keysA, policy, validationDate),
|
sigAT1_T2, getSignedData(data), keysA, policy, validationDate),
|
||||||
"Key valid");
|
"Key valid");
|
||||||
assertThrows(SignatureValidationException.class, () ->
|
assertThrows(SignatureValidationException.class, () ->
|
||||||
SignatureChainValidator.validateSignatureChain(
|
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigAT2_T3, getSignedData(data), keysA, policy, validationDate),
|
sigAT2_T3, getSignedData(data), keysA, policy, validationDate),
|
||||||
"Key is not valid, as subkey binding expired");
|
"Key is not valid, as subkey binding expired");
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigAT3_now, getSignedData(data), keysA, policy, validationDate),
|
sigAT3_now, getSignedData(data), keysA, policy, validationDate),
|
||||||
"Key is valid again");
|
"Key is valid again");
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigBT0, getSignedData(data), keysB, policy, validationDate),
|
sigBT0, getSignedData(data), keysB, policy, validationDate),
|
||||||
"Signature predates key creation time");
|
"Signature predates key creation time");
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigBT1_T2, getSignedData(data), keysB, policy, validationDate),
|
sigBT1_T2, getSignedData(data), keysB, policy, validationDate),
|
||||||
"Key is valid");
|
"Key is valid");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigBT2_T3, getSignedData(data), keysB, policy, validationDate),
|
sigBT2_T3, getSignedData(data), keysB, policy, validationDate),
|
||||||
"Primary key is not signing-capable");
|
"Primary key is not signing-capable");
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigBT3_now, getSignedData(data), keysB, policy, validationDate),
|
sigBT3_now, getSignedData(data), keysB, policy, validationDate),
|
||||||
"Key is valid again");
|
"Key is valid again");
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigCT0, getSignedData(data), keysC, policy, validationDate),
|
sigCT0, getSignedData(data), keysC, policy, validationDate),
|
||||||
"Signature predates key creation time");
|
"Signature predates key creation time");
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigCT1_T2, getSignedData(data), keysC, policy, validationDate),
|
sigCT1_T2, getSignedData(data), keysC, policy, validationDate),
|
||||||
"Key is valid");
|
"Key is valid");
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigCT2_T3, getSignedData(data), keysC, policy, validationDate),
|
sigCT2_T3, getSignedData(data), keysC, policy, validationDate),
|
||||||
"Key is revoked");
|
"Key is revoked");
|
||||||
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
|
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
|
||||||
sigCT3_now, getSignedData(data), keysC, policy, validationDate),
|
sigCT3_now, getSignedData(data), keysC, policy, validationDate),
|
||||||
"Key is valid again");
|
"Key is valid again");
|
||||||
}
|
}
|
|
@ -164,16 +164,16 @@ public class KeyRevocationTest {
|
||||||
PGPSignature t2t3 = SignatureUtils.readSignatures(sigT2T3).get(0);
|
PGPSignature t2t3 = SignatureUtils.readSignatures(sigT2T3).get(0);
|
||||||
PGPSignature t3now = SignatureUtils.readSignatures(sigT3Now).get(0);
|
PGPSignature t3now = SignatureUtils.readSignatures(sigT3Now).get(0);
|
||||||
|
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t0,
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t0,
|
||||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||||
publicKeys, PGPainless.getPolicy(), new Date()));
|
publicKeys, PGPainless.getPolicy(), new Date()));
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t1t2,
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t1t2,
|
||||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||||
publicKeys, PGPainless.getPolicy(), new Date()));
|
publicKeys, PGPainless.getPolicy(), new Date()));
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t2t3,
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t2t3,
|
||||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||||
publicKeys, PGPainless.getPolicy(), new Date()));
|
publicKeys, PGPainless.getPolicy(), new Date()));
|
||||||
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t3now,
|
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t3now,
|
||||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||||
publicKeys, PGPainless.getPolicy(), new Date()));
|
publicKeys, PGPainless.getPolicy(), new Date()));
|
||||||
}
|
}
|
||||||
|
@ -267,7 +267,7 @@ public class KeyRevocationTest {
|
||||||
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
|
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
|
||||||
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
||||||
|
|
||||||
SignatureChainValidator.validateSignatureChain(signature,
|
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature,
|
||||||
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
|
||||||
publicKeys, PGPainless.getPolicy(), new Date());
|
publicKeys, PGPainless.getPolicy(), new Date());
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue