PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-26 22:32:07 +01:00
Code Issues Releases Wiki Activity

Refactoring

Browse source
This commit is contained in:
Paul Schaub 2021-08-18 13:19:43 +02:00
parent 5a9b8a2c50
commit 8c3b694a71
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
8 changed files with 94 additions and 91 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStream.java
View file

@ -28,7 +28,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.signature.DetachedSignature; import org.pgpainless.signature.DetachedSignature;
import org.pgpainless.signature.SignatureChainValidator; import org.pgpainless.signature.CertificateValidator;
import org.pgpainless.exception.SignatureValidationException; import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.util.IntegrityProtectedInputStream; import org.pgpainless.util.IntegrityProtectedInputStream;
@ -105,7 +105,7 @@ public class DecryptionStream extends InputStream {
for (DetachedSignature s : resultBuilder.getDetachedSignatures()) { for (DetachedSignature s : resultBuilder.getDetachedSignatures()) {
try { try {
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(s.getSignature()); verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(s.getSignature());
boolean verified = SignatureChainValidator.validateSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy()); boolean verified = CertificateValidator.validateCertificateAndVerifyInitializedSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy());
s.setVerified(verified); s.setVerified(verified);
} catch (SignatureValidationException e) { } catch (SignatureValidationException e) {
LOGGER.log(Level.WARNING, "Could not verify signature of key " + s.getSigningKeyIdentifier(), e); LOGGER.log(Level.WARNING, "Could not verify signature of key " + s.getSigningKeyIdentifier(), e);

11
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/SignatureVerifyingInputStream.java
View file

@ -20,21 +20,20 @@ import static org.pgpainless.signature.SignatureValidator.verifySignatureCreatio
import java.io.FilterInputStream; import java.io.FilterInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.security.SignatureException;
import java.util.Map; import java.util.Map;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList; import org.bouncycastle.openpgp.PGPSignatureList;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.key.OpenPgpV4Fingerprint; import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.policy.Policy; import org.pgpainless.policy.Policy;
import org.pgpainless.signature.OnePassSignature; import org.pgpainless.signature.OnePassSignature;
import org.pgpainless.signature.SignatureChainValidator; import org.pgpainless.signature.CertificateValidator;
public class SignatureVerifyingInputStream extends FilterInputStream { public class SignatureVerifyingInputStream extends FilterInputStream {
@ -103,7 +102,7 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
} }
verifySignatureOrThrowSignatureException(signature, onePassSignature); verifySignatureOrThrowSignatureException(signature, onePassSignature);
} catch (PGPException | SignatureException e) { } catch (SignatureValidationException e) {
LOGGER.log(LEVEL, "One-pass-signature verification failed for signature made by key " + LOGGER.log(LEVEL, "One-pass-signature verification failed for signature made by key " +
Long.toHexString(signature.getKeyID()) + ": " + e.getMessage(), e); Long.toHexString(signature.getKeyID()) + ": " + e.getMessage(), e);
} }
@ -111,10 +110,10 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
} }
private void verifySignatureOrThrowSignatureException(PGPSignature signature, OnePassSignature onePassSignature) private void verifySignatureOrThrowSignatureException(PGPSignature signature, OnePassSignature onePassSignature)
throws PGPException, SignatureException { throws SignatureValidationException {
Policy policy = PGPainless.getPolicy(); Policy policy = PGPainless.getPolicy();
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(signature); verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(signature);
SignatureChainValidator.validateOnePassSignature(signature, onePassSignature, policy); CertificateValidator.validateCertificateAndVerifyOnePassSignature(signature, onePassSignature, policy);
} }
private OnePassSignature findOnePassSignature(OpenPgpV4Fingerprint fingerprint) { private OnePassSignature findOnePassSignature(OpenPgpV4Fingerprint fingerprint) {

52
pgpainless-core/src/main/java/org/pgpainless/signature/SignatureChainValidator.java → pgpainless-core/src/main/java/org/pgpainless/signature/CertificateValidator.java
View file

@ -15,12 +15,9 @@
*/ */
package org.pgpainless.signature; package org.pgpainless.signature;
import static org.pgpainless.signature.SignatureValidator.signatureIsEffective; import static org.pgpainless.signature.SignatureValidator.verifyOnePassSignature;
import static org.pgpainless.signature.SignatureValidator.signatureStructureIsAcceptable;
import static org.pgpainless.signature.SignatureValidator.verifyWasPossiblyMadeByKey;
import java.io.InputStream; import java.io.InputStream;
import java.security.SignatureException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.Date; import java.util.Date;
@ -33,7 +30,6 @@ import java.util.logging.Logger;
import org.bouncycastle.bcpg.sig.KeyFlags; import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.bcpg.sig.SignerUserID; import org.bouncycastle.bcpg.sig.SignerUserID;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
@ -48,13 +44,13 @@ import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
* Its responsibilities are checking if a signing key was eligible to create a certain signature * Its responsibilities are checking if a signing key was eligible to create a certain signature
* and if the signature is valid at the time of validation. * and if the signature is valid at the time of validation.
*/ */
public final class SignatureChainValidator { public final class CertificateValidator {
private SignatureChainValidator() { private CertificateValidator() {
} }
private static final Logger LOGGER = Logger.getLogger(SignatureChainValidator.class.getName()); private static final Logger LOGGER = Logger.getLogger(CertificateValidator.class.getName());
/** /**
* Check if the signing key was eligible to create the provided signature. * Check if the signing key was eligible to create the provided signature.
@ -71,7 +67,7 @@ public final class SignatureChainValidator {
* @return true if the signing key was eligible to create the signature * @return true if the signing key was eligible to create the signature
* @throws SignatureValidationException in case of a validation constraint violation * @throws SignatureValidationException in case of a validation constraint violation
*/ */
public static boolean validateSigningKey(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy) public static boolean validateCertificate(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy)
throws SignatureValidationException { throws SignatureValidationException {
Map<PGPSignature, Exception> rejections = new ConcurrentHashMap<>(); Map<PGPSignature, Exception> rejections = new ConcurrentHashMap<>();
@ -240,13 +236,13 @@ public final class SignatureChainValidator {
* @return true if the signature is valid, false otherwise * @return true if the signature is valid, false otherwise
* @throws SignatureValidationException for validation constraint violations * @throws SignatureValidationException for validation constraint violations
*/ */
public static boolean validateSignatureChain(PGPSignature signature, public static boolean validateCertificateAndVerifyUninitializedSignature(PGPSignature signature,
InputStream signedData, InputStream signedData,
PGPPublicKeyRing signingKeyRing, PGPPublicKeyRing signingKeyRing,
Policy policy, Policy policy,
Date validationDate) Date validationDate)
throws SignatureValidationException { throws SignatureValidationException {
validateSigningKey(signature, signingKeyRing, policy); validateCertificate(signature, signingKeyRing, policy);
long keyId = SignatureUtils.determineIssuerKeyId(signature); long keyId = SignatureUtils.determineIssuerKeyId(signature);
return SignatureValidator.verifyUninitializedSignature(signature, signedData, signingKeyRing.getPublicKey(keyId), policy, validationDate); return SignatureValidator.verifyUninitializedSignature(signature, signedData, signingKeyRing.getPublicKey(keyId), policy, validationDate);
} }
@ -261,34 +257,20 @@ public final class SignatureChainValidator {
* @return true if the signature is valid, false otherwise * @return true if the signature is valid, false otherwise
* @throws SignatureValidationException in case of a validation constraint violation * @throws SignatureValidationException in case of a validation constraint violation
*/ */
public static boolean validateSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy) public static boolean validateCertificateAndVerifyInitializedSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy)
throws SignatureValidationException { throws SignatureValidationException {
validateSigningKey(signature, verificationKeys, policy); validateCertificate(signature, verificationKeys, policy);
long keyId = SignatureUtils.determineIssuerKeyId(signature); long keyId = SignatureUtils.determineIssuerKeyId(signature);
PGPPublicKey signingKey = verificationKeys.getPublicKey(keyId); PGPPublicKey signingKey = verificationKeys.getPublicKey(keyId);
SignatureValidator.verifyInitializedSignature(signature, signingKey, policy, signature.getCreationTime()); SignatureValidator.verifyInitializedSignature(signature, signingKey, policy, signature.getCreationTime());
return true; return true;
} }
public static boolean validateOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy) throws PGPException, SignatureException { public static boolean validateCertificateAndVerifyOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy)
throws SignatureValidationException {
validateCertificate(signature, onePassSignature.getVerificationKeys(), policy);
PGPPublicKey signingKey = onePassSignature.getVerificationKeys().getPublicKey(signature.getKeyID()); PGPPublicKey signingKey = onePassSignature.getVerificationKeys().getPublicKey(signature.getKeyID());
try { verifyOnePassSignature(signature, signingKey, onePassSignature, policy);
verifyWasPossiblyMadeByKey(signingKey, signature);
signatureStructureIsAcceptable(signingKey, policy).verify(signature);
signatureIsEffective().verify(signature);
} catch (SignatureValidationException e) {
throw new SignatureException("Signature is not valid: " + e.getMessage(), e);
}
try {
validateSigningKey(signature, onePassSignature.getVerificationKeys(), policy);
} catch (SignatureValidationException e) {
throw new SignatureException("Signing key " + Long.toHexString(signingKey.getKeyID()) + " is not valid: " + e.getMessage(), e);
}
if (!onePassSignature.verify(signature)) {
throw new SignatureException("Bad signature of key " + Long.toHexString(signingKey.getKeyID()));
}
return true; return true;
} }
} }

26
pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java
View file

@ -83,8 +83,9 @@ public abstract class SignatureValidator {
try { try {
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey); signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey);
int read; int read;
while ((read = signedData.read()) != -1) { byte[] buf = new byte[8192];
signature.update((byte) read); while ((read = signedData.read(buf)) != -1) {
signature.update(buf, 0, read);
} }
} catch (PGPException e) { } catch (PGPException e) {
throw new SignatureValidationException("Cannot init signature.", e); throw new SignatureValidationException("Cannot init signature.", e);
@ -121,6 +122,27 @@ public abstract class SignatureValidator {
} }
} }
public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, OnePassSignature onePassSignature, Policy policy)
throws SignatureValidationException {
try {
verifyWasPossiblyMadeByKey(signingKey, signature);
signatureStructureIsAcceptable(signingKey, policy).verify(signature);
signatureIsEffective().verify(signature);
} catch (SignatureValidationException e) {
throw new SignatureValidationException("Signature is not valid: " + e.getMessage(), e);
}
try {
if (!onePassSignature.verify(signature)) {
throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID()));
}
} catch (PGPException e) {
throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e);
}
return true;
}
/** /**
* Verify a signature (certification or revocation) over a user-id. * Verify a signature (certification or revocation) over a user-id.
* *

4
pgpainless-core/src/main/java/org/pgpainless/signature/cleartext_signatures/CleartextSignatureProcessor.java
View file

@ -36,7 +36,7 @@ import org.bouncycastle.util.Strings;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.exception.SignatureValidationException; import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.signature.SignatureChainValidator; import org.pgpainless.signature.CertificateValidator;
import org.pgpainless.util.ArmoredInputStreamFactory; import org.pgpainless.util.ArmoredInputStreamFactory;
/** /**
@ -140,7 +140,7 @@ public class CleartextSignatureProcessor {
} }
sigIn.close(); sigIn.close();
SignatureChainValidator.validateSignature(signature, signingKeyRing, PGPainless.getPolicy()); CertificateValidator.validateCertificateAndVerifyInitializedSignature(signature, signingKeyRing, PGPainless.getPolicy());
return signature; return signature;
} }

4
pgpainless-core/src/test/java/org/pgpainless/signature/BindingSignatureSubpacketsTest.java
View file

@ -2016,7 +2016,7 @@ public class BindingSignatureSubpacketsTest {
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
try { try {
SignatureChainValidator.validateSignatureChain(signature, getSignedData(data), publicKeys, policy, validationDate); CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature, getSignedData(data), publicKeys, policy, validationDate);
} catch (SignatureValidationException e) { } catch (SignatureValidationException e) {
// CHECKSTYLE:OFF // CHECKSTYLE:OFF
e.printStackTrace(); e.printStackTrace();
@ -2030,7 +2030,7 @@ public class BindingSignatureSubpacketsTest {
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
assertThrows(SignatureValidationException.class, () -> assertThrows(SignatureValidationException.class, () ->
SignatureChainValidator.validateSignatureChain( CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
signature, getSignedData(data), publicKeys, policy, validationDate), signature, getSignedData(data), publicKeys, policy, validationDate),
message); message);
} }

74
pgpainless-core/src/test/java/org/pgpainless/signature/SignatureChainValidatorTest.java → pgpainless-core/src/test/java/org/pgpainless/signature/CertificateValidatorTest.java
View file

@ -40,7 +40,7 @@ import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.policy.Policy; import org.pgpainless.policy.Policy;
public class SignatureChainValidatorTest { public class CertificateValidatorTest {
/** /**
* Primary Key signs and is hard revoked with reason: unknown. * Primary Key signs and is hard revoked with reason: unknown.
@ -181,16 +181,16 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date(); Date validationDate = new Date();
String data = "Hello, World"; String data = "Hello, World";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key"); "Signature predates primary key");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate), unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
"Primary key hard revoked"); "Primary key hard revoked");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
primaryKeyRevoked, getSignedData(data), publicKeys, policy, validationDate), primaryKeyRevoked, getSignedData(data), publicKeys, policy, validationDate),
"Primary key hard revoked"); "Primary key hard revoked");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
primaryKeyRevalidated, getSignedData(data), publicKeys, policy, validationDate), primaryKeyRevalidated, getSignedData(data), publicKeys, policy, validationDate),
"Primary key hard revoked"); "Primary key hard revoked");
} }
@ -333,16 +333,16 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date(); Date validationDate = new Date();
String data = "Hello, World"; String data = "Hello, World";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key"); "Signature predates primary key");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate), unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
"Signing key unbound + hard revocation"); "Signing key unbound + hard revocation");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
revokedSubkey, getSignedData(data), publicKeys, policy, validationDate), revokedSubkey, getSignedData(data), publicKeys, policy, validationDate),
"Primary key is hard revoked"); "Primary key is hard revoked");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
revalidatedSubkey, getSignedData(data), publicKeys, policy, validationDate), revalidatedSubkey, getSignedData(data), publicKeys, policy, validationDate),
"Primary key is hard revoked"); "Primary key is hard revoked");
} }
@ -486,16 +486,16 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date(); Date validationDate = new Date();
String data = "Hello World :)"; String data = "Hello World :)";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key"); "Signature predates primary key");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
unboundKey, getSignedData(data), publicKeys, policy, validationDate), unboundKey, getSignedData(data), publicKeys, policy, validationDate),
"Signing key unbound + hard revocation"); "Signing key unbound + hard revocation");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
afterHardRevocation, getSignedData(data), publicKeys, policy, validationDate), afterHardRevocation, getSignedData(data), publicKeys, policy, validationDate),
"Hard revocation invalidates key at all times"); "Hard revocation invalidates key at all times");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
afterRevalidation, getSignedData(data), publicKeys, policy, validationDate), afterRevalidation, getSignedData(data), publicKeys, policy, validationDate),
"Hard revocation invalidates key at all times"); "Hard revocation invalidates key at all times");
} }
@ -638,22 +638,22 @@ public class SignatureChainValidatorTest {
String data = "Hello, World"; String data = "Hello, World";
// Sig not valid, as it predates the signing key creation time // Sig not valid, as it predates the signing key creation time
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, predatesPrimaryKey.getCreationTime()), predatesPrimaryKey, getSignedData(data), publicKeys, policy, predatesPrimaryKey.getCreationTime()),
"Signature predates primary key creation date"); "Signature predates primary key creation date");
// Sig valid // Sig valid
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyIsValid, getSignedData(data), publicKeys, policy, keyIsValid.getCreationTime()), keyIsValid, getSignedData(data), publicKeys, policy, keyIsValid.getCreationTime()),
"Signature is valid"); "Signature is valid");
// Sig not valid, as the signing key is revoked // Sig not valid, as the signing key is revoked
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyIsRevoked, getSignedData(data), publicKeys, policy, keyIsRevoked.getCreationTime()), keyIsRevoked, getSignedData(data), publicKeys, policy, keyIsRevoked.getCreationTime()),
"Signing key is revoked at this point"); "Signing key is revoked at this point");
// Sig valid, as the signing key is revalidated // Sig valid, as the signing key is revalidated
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyIsRevalidated, getSignedData(data), publicKeys, policy, keyIsRevalidated.getCreationTime()), keyIsRevalidated, getSignedData(data), publicKeys, policy, keyIsRevalidated.getCreationTime()),
"Signature is valid, as signing key is revalidated"); "Signature is valid, as signing key is revalidated");
} }
@ -797,17 +797,17 @@ public class SignatureChainValidatorTest {
String data = "Hello, World"; String data = "Hello, World";
Date validationDate = new Date(); Date validationDate = new Date();
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key creation date"); "Signature predates primary key creation date");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyNotBound, getSignedData(data), publicKeys, policy, validationDate), keyNotBound, getSignedData(data), publicKeys, policy, validationDate),
"Signing key is not bound at this point"); "Signing key is not bound at this point");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyRevoked, getSignedData(data), publicKeys, policy, validationDate), keyRevoked, getSignedData(data), publicKeys, policy, validationDate),
"Signing key is revoked at this point"); "Signing key is revoked at this point");
assertDoesNotThrow(() -> assertDoesNotThrow(() ->
SignatureChainValidator.validateSignatureChain( CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
valid, getSignedData(data), publicKeys, policy, validationDate), valid, getSignedData(data), publicKeys, policy, validationDate),
"Signing key is revalidated"); "Signing key is revalidated");
} }
@ -951,17 +951,17 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date(); Date validationDate = new Date();
String data = "Hello, World"; String data = "Hello, World";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate), predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key creation date"); "Signature predates primary key creation date");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
valid, getSignedData(data), publicKeys, policy, validationDate), valid, getSignedData(data), publicKeys, policy, validationDate),
"Signature is valid"); "Signature is valid");
assertThrows(SignatureValidationException.class, () -> assertThrows(SignatureValidationException.class, () ->
SignatureChainValidator.validateSignatureChain( CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
revoked, getSignedData(data), publicKeys, policy, validationDate), revoked, getSignedData(data), publicKeys, policy, validationDate),
"Primary key is revoked"); "Primary key is revoked");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
revalidated, getSignedData(data), publicKeys, policy, validationDate), revalidated, getSignedData(data), publicKeys, policy, validationDate),
"Primary key is re-legitimized"); "Primary key is re-legitimized");
} }
@ -1292,43 +1292,43 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date(); Date validationDate = new Date();
String data = "Hello World :)"; String data = "Hello World :)";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigAT0, getSignedData(data), keysA, policy, validationDate), sigAT0, getSignedData(data), keysA, policy, validationDate),
"Signature predates key creation time"); "Signature predates key creation time");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigAT1_T2, getSignedData(data), keysA, policy, validationDate), sigAT1_T2, getSignedData(data), keysA, policy, validationDate),
"Key valid"); "Key valid");
assertThrows(SignatureValidationException.class, () -> assertThrows(SignatureValidationException.class, () ->
SignatureChainValidator.validateSignatureChain( CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigAT2_T3, getSignedData(data), keysA, policy, validationDate), sigAT2_T3, getSignedData(data), keysA, policy, validationDate),
"Key is not valid, as subkey binding expired"); "Key is not valid, as subkey binding expired");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigAT3_now, getSignedData(data), keysA, policy, validationDate), sigAT3_now, getSignedData(data), keysA, policy, validationDate),
"Key is valid again"); "Key is valid again");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigBT0, getSignedData(data), keysB, policy, validationDate), sigBT0, getSignedData(data), keysB, policy, validationDate),
"Signature predates key creation time"); "Signature predates key creation time");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigBT1_T2, getSignedData(data), keysB, policy, validationDate), sigBT1_T2, getSignedData(data), keysB, policy, validationDate),
"Key is valid"); "Key is valid");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigBT2_T3, getSignedData(data), keysB, policy, validationDate), sigBT2_T3, getSignedData(data), keysB, policy, validationDate),
"Primary key is not signing-capable"); "Primary key is not signing-capable");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigBT3_now, getSignedData(data), keysB, policy, validationDate), sigBT3_now, getSignedData(data), keysB, policy, validationDate),
"Key is valid again"); "Key is valid again");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigCT0, getSignedData(data), keysC, policy, validationDate), sigCT0, getSignedData(data), keysC, policy, validationDate),
"Signature predates key creation time"); "Signature predates key creation time");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigCT1_T2, getSignedData(data), keysC, policy, validationDate), sigCT1_T2, getSignedData(data), keysC, policy, validationDate),
"Key is valid"); "Key is valid");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain( assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigCT2_T3, getSignedData(data), keysC, policy, validationDate), sigCT2_T3, getSignedData(data), keysC, policy, validationDate),
"Key is revoked"); "Key is revoked");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain( assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigCT3_now, getSignedData(data), keysC, policy, validationDate), sigCT3_now, getSignedData(data), keysC, policy, validationDate),
"Key is valid again"); "Key is valid again");
} }

10
pgpainless-core/src/test/java/org/pgpainless/signature/KeyRevocationTest.java
View file

@ -164,16 +164,16 @@ public class KeyRevocationTest {
PGPSignature t2t3 = SignatureUtils.readSignatures(sigT2T3).get(0); PGPSignature t2t3 = SignatureUtils.readSignatures(sigT2T3).get(0);
PGPSignature t3now = SignatureUtils.readSignatures(sigT3Now).get(0); PGPSignature t3now = SignatureUtils.readSignatures(sigT3Now).get(0);
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t0, assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t0,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date())); publicKeys, PGPainless.getPolicy(), new Date()));
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t1t2, assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t1t2,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date())); publicKeys, PGPainless.getPolicy(), new Date()));
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t2t3, assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t2t3,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date())); publicKeys, PGPainless.getPolicy(), new Date()));
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t3now, assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t3now,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date())); publicKeys, PGPainless.getPolicy(), new Date()));
} }
@ -267,7 +267,7 @@ public class KeyRevocationTest {
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key); PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
SignatureChainValidator.validateSignatureChain(signature, CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)), new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date()); publicKeys, PGPainless.getPolicy(), new Date());
} }