1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-26 22:32:07 +01:00

Refactoring

This commit is contained in:
Paul Schaub 2021-08-18 13:19:43 +02:00
parent 5a9b8a2c50
commit 8c3b694a71
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
8 changed files with 94 additions and 91 deletions

View file

@ -28,7 +28,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.signature.DetachedSignature;
import org.pgpainless.signature.SignatureChainValidator;
import org.pgpainless.signature.CertificateValidator;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.util.IntegrityProtectedInputStream;
@ -105,7 +105,7 @@ public class DecryptionStream extends InputStream {
for (DetachedSignature s : resultBuilder.getDetachedSignatures()) {
try {
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(s.getSignature());
boolean verified = SignatureChainValidator.validateSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy());
boolean verified = CertificateValidator.validateCertificateAndVerifyInitializedSignature(s.getSignature(), (PGPPublicKeyRing) s.getSigningKeyRing(), PGPainless.getPolicy());
s.setVerified(verified);
} catch (SignatureValidationException e) {
LOGGER.log(Level.WARNING, "Could not verify signature of key " + s.getSigningKeyIdentifier(), e);

View file

@ -20,21 +20,20 @@ import static org.pgpainless.signature.SignatureValidator.verifySignatureCreatio
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.SignatureException;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.pgpainless.PGPainless;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.OnePassSignature;
import org.pgpainless.signature.SignatureChainValidator;
import org.pgpainless.signature.CertificateValidator;
public class SignatureVerifyingInputStream extends FilterInputStream {
@ -103,7 +102,7 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
}
verifySignatureOrThrowSignatureException(signature, onePassSignature);
} catch (PGPException | SignatureException e) {
} catch (SignatureValidationException e) {
LOGGER.log(LEVEL, "One-pass-signature verification failed for signature made by key " +
Long.toHexString(signature.getKeyID()) + ": " + e.getMessage(), e);
}
@ -111,10 +110,10 @@ public class SignatureVerifyingInputStream extends FilterInputStream {
}
private void verifySignatureOrThrowSignatureException(PGPSignature signature, OnePassSignature onePassSignature)
throws PGPException, SignatureException {
throws SignatureValidationException {
Policy policy = PGPainless.getPolicy();
verifySignatureCreationTimeIsInBounds(options.getVerifyNotBefore(), options.getVerifyNotAfter()).verify(signature);
SignatureChainValidator.validateOnePassSignature(signature, onePassSignature, policy);
CertificateValidator.validateCertificateAndVerifyOnePassSignature(signature, onePassSignature, policy);
}
private OnePassSignature findOnePassSignature(OpenPgpV4Fingerprint fingerprint) {

View file

@ -15,12 +15,9 @@
*/
package org.pgpainless.signature;
import static org.pgpainless.signature.SignatureValidator.signatureIsEffective;
import static org.pgpainless.signature.SignatureValidator.signatureStructureIsAcceptable;
import static org.pgpainless.signature.SignatureValidator.verifyWasPossiblyMadeByKey;
import static org.pgpainless.signature.SignatureValidator.verifyOnePassSignature;
import java.io.InputStream;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
@ -33,7 +30,6 @@ import java.util.logging.Logger;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.bcpg.sig.SignerUserID;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
@ -48,13 +44,13 @@ import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
* Its responsibilities are checking if a signing key was eligible to create a certain signature
* and if the signature is valid at the time of validation.
*/
public final class SignatureChainValidator {
public final class CertificateValidator {
private SignatureChainValidator() {
private CertificateValidator() {
}
private static final Logger LOGGER = Logger.getLogger(SignatureChainValidator.class.getName());
private static final Logger LOGGER = Logger.getLogger(CertificateValidator.class.getName());
/**
* Check if the signing key was eligible to create the provided signature.
@ -71,7 +67,7 @@ public final class SignatureChainValidator {
* @return true if the signing key was eligible to create the signature
* @throws SignatureValidationException in case of a validation constraint violation
*/
public static boolean validateSigningKey(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy)
public static boolean validateCertificate(PGPSignature signature, PGPPublicKeyRing signingKeyRing, Policy policy)
throws SignatureValidationException {
Map<PGPSignature, Exception> rejections = new ConcurrentHashMap<>();
@ -240,13 +236,13 @@ public final class SignatureChainValidator {
* @return true if the signature is valid, false otherwise
* @throws SignatureValidationException for validation constraint violations
*/
public static boolean validateSignatureChain(PGPSignature signature,
public static boolean validateCertificateAndVerifyUninitializedSignature(PGPSignature signature,
InputStream signedData,
PGPPublicKeyRing signingKeyRing,
Policy policy,
Date validationDate)
throws SignatureValidationException {
validateSigningKey(signature, signingKeyRing, policy);
validateCertificate(signature, signingKeyRing, policy);
long keyId = SignatureUtils.determineIssuerKeyId(signature);
return SignatureValidator.verifyUninitializedSignature(signature, signedData, signingKeyRing.getPublicKey(keyId), policy, validationDate);
}
@ -261,34 +257,20 @@ public final class SignatureChainValidator {
* @return true if the signature is valid, false otherwise
* @throws SignatureValidationException in case of a validation constraint violation
*/
public static boolean validateSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy)
public static boolean validateCertificateAndVerifyInitializedSignature(PGPSignature signature, PGPPublicKeyRing verificationKeys, Policy policy)
throws SignatureValidationException {
validateSigningKey(signature, verificationKeys, policy);
validateCertificate(signature, verificationKeys, policy);
long keyId = SignatureUtils.determineIssuerKeyId(signature);
PGPPublicKey signingKey = verificationKeys.getPublicKey(keyId);
SignatureValidator.verifyInitializedSignature(signature, signingKey, policy, signature.getCreationTime());
return true;
}
public static boolean validateOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy) throws PGPException, SignatureException {
public static boolean validateCertificateAndVerifyOnePassSignature(PGPSignature signature, OnePassSignature onePassSignature, Policy policy)
throws SignatureValidationException {
validateCertificate(signature, onePassSignature.getVerificationKeys(), policy);
PGPPublicKey signingKey = onePassSignature.getVerificationKeys().getPublicKey(signature.getKeyID());
try {
verifyWasPossiblyMadeByKey(signingKey, signature);
signatureStructureIsAcceptable(signingKey, policy).verify(signature);
signatureIsEffective().verify(signature);
} catch (SignatureValidationException e) {
throw new SignatureException("Signature is not valid: " + e.getMessage(), e);
}
try {
validateSigningKey(signature, onePassSignature.getVerificationKeys(), policy);
} catch (SignatureValidationException e) {
throw new SignatureException("Signing key " + Long.toHexString(signingKey.getKeyID()) + " is not valid: " + e.getMessage(), e);
}
if (!onePassSignature.verify(signature)) {
throw new SignatureException("Bad signature of key " + Long.toHexString(signingKey.getKeyID()));
}
verifyOnePassSignature(signature, signingKey, onePassSignature, policy);
return true;
}
}

View file

@ -83,8 +83,9 @@ public abstract class SignatureValidator {
try {
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signingKey);
int read;
while ((read = signedData.read()) != -1) {
signature.update((byte) read);
byte[] buf = new byte[8192];
while ((read = signedData.read(buf)) != -1) {
signature.update(buf, 0, read);
}
} catch (PGPException e) {
throw new SignatureValidationException("Cannot init signature.", e);
@ -121,6 +122,27 @@ public abstract class SignatureValidator {
}
}
public static boolean verifyOnePassSignature(PGPSignature signature, PGPPublicKey signingKey, OnePassSignature onePassSignature, Policy policy)
throws SignatureValidationException {
try {
verifyWasPossiblyMadeByKey(signingKey, signature);
signatureStructureIsAcceptable(signingKey, policy).verify(signature);
signatureIsEffective().verify(signature);
} catch (SignatureValidationException e) {
throw new SignatureValidationException("Signature is not valid: " + e.getMessage(), e);
}
try {
if (!onePassSignature.verify(signature)) {
throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID()));
}
} catch (PGPException e) {
throw new SignatureValidationException("Could not verify correctness of One-Pass-Signature: " + e.getMessage(), e);
}
return true;
}
/**
* Verify a signature (certification or revocation) over a user-id.
*

View file

@ -36,7 +36,7 @@ import org.bouncycastle.util.Strings;
import org.pgpainless.PGPainless;
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.signature.SignatureChainValidator;
import org.pgpainless.signature.CertificateValidator;
import org.pgpainless.util.ArmoredInputStreamFactory;
/**
@ -140,7 +140,7 @@ public class CleartextSignatureProcessor {
}
sigIn.close();
SignatureChainValidator.validateSignature(signature, signingKeyRing, PGPainless.getPolicy());
CertificateValidator.validateCertificateAndVerifyInitializedSignature(signature, signingKeyRing, PGPainless.getPolicy());
return signature;
}

View file

@ -2016,7 +2016,7 @@ public class BindingSignatureSubpacketsTest {
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
try {
SignatureChainValidator.validateSignatureChain(signature, getSignedData(data), publicKeys, policy, validationDate);
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature, getSignedData(data), publicKeys, policy, validationDate);
} catch (SignatureValidationException e) {
// CHECKSTYLE:OFF
e.printStackTrace();
@ -2030,7 +2030,7 @@ public class BindingSignatureSubpacketsTest {
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
assertThrows(SignatureValidationException.class, () ->
SignatureChainValidator.validateSignatureChain(
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
signature, getSignedData(data), publicKeys, policy, validationDate),
message);
}

View file

@ -40,7 +40,7 @@ import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.policy.Policy;
public class SignatureChainValidatorTest {
public class CertificateValidatorTest {
/**
* Primary Key signs and is hard revoked with reason: unknown.
@ -181,16 +181,16 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date();
String data = "Hello, World";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
"Primary key hard revoked");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
primaryKeyRevoked, getSignedData(data), publicKeys, policy, validationDate),
"Primary key hard revoked");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
primaryKeyRevalidated, getSignedData(data), publicKeys, policy, validationDate),
"Primary key hard revoked");
}
@ -333,16 +333,16 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date();
String data = "Hello, World";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
unboundSubkey, getSignedData(data), publicKeys, policy, validationDate),
"Signing key unbound + hard revocation");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
revokedSubkey, getSignedData(data), publicKeys, policy, validationDate),
"Primary key is hard revoked");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
revalidatedSubkey, getSignedData(data), publicKeys, policy, validationDate),
"Primary key is hard revoked");
}
@ -486,16 +486,16 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date();
String data = "Hello World :)";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
unboundKey, getSignedData(data), publicKeys, policy, validationDate),
"Signing key unbound + hard revocation");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
afterHardRevocation, getSignedData(data), publicKeys, policy, validationDate),
"Hard revocation invalidates key at all times");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
afterRevalidation, getSignedData(data), publicKeys, policy, validationDate),
"Hard revocation invalidates key at all times");
}
@ -638,22 +638,22 @@ public class SignatureChainValidatorTest {
String data = "Hello, World";
// Sig not valid, as it predates the signing key creation time
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, predatesPrimaryKey.getCreationTime()),
"Signature predates primary key creation date");
// Sig valid
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyIsValid, getSignedData(data), publicKeys, policy, keyIsValid.getCreationTime()),
"Signature is valid");
// Sig not valid, as the signing key is revoked
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyIsRevoked, getSignedData(data), publicKeys, policy, keyIsRevoked.getCreationTime()),
"Signing key is revoked at this point");
// Sig valid, as the signing key is revalidated
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyIsRevalidated, getSignedData(data), publicKeys, policy, keyIsRevalidated.getCreationTime()),
"Signature is valid, as signing key is revalidated");
}
@ -797,17 +797,17 @@ public class SignatureChainValidatorTest {
String data = "Hello, World";
Date validationDate = new Date();
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key creation date");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyNotBound, getSignedData(data), publicKeys, policy, validationDate),
"Signing key is not bound at this point");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
keyRevoked, getSignedData(data), publicKeys, policy, validationDate),
"Signing key is revoked at this point");
assertDoesNotThrow(() ->
SignatureChainValidator.validateSignatureChain(
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
valid, getSignedData(data), publicKeys, policy, validationDate),
"Signing key is revalidated");
}
@ -951,17 +951,17 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date();
String data = "Hello, World";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
predatesPrimaryKey, getSignedData(data), publicKeys, policy, validationDate),
"Signature predates primary key creation date");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
valid, getSignedData(data), publicKeys, policy, validationDate),
"Signature is valid");
assertThrows(SignatureValidationException.class, () ->
SignatureChainValidator.validateSignatureChain(
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
revoked, getSignedData(data), publicKeys, policy, validationDate),
"Primary key is revoked");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
revalidated, getSignedData(data), publicKeys, policy, validationDate),
"Primary key is re-legitimized");
}
@ -1292,43 +1292,43 @@ public class SignatureChainValidatorTest {
Date validationDate = new Date();
String data = "Hello World :)";
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigAT0, getSignedData(data), keysA, policy, validationDate),
"Signature predates key creation time");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigAT1_T2, getSignedData(data), keysA, policy, validationDate),
"Key valid");
assertThrows(SignatureValidationException.class, () ->
SignatureChainValidator.validateSignatureChain(
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigAT2_T3, getSignedData(data), keysA, policy, validationDate),
"Key is not valid, as subkey binding expired");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigAT3_now, getSignedData(data), keysA, policy, validationDate),
"Key is valid again");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigBT0, getSignedData(data), keysB, policy, validationDate),
"Signature predates key creation time");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigBT1_T2, getSignedData(data), keysB, policy, validationDate),
"Key is valid");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigBT2_T3, getSignedData(data), keysB, policy, validationDate),
"Primary key is not signing-capable");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigBT3_now, getSignedData(data), keysB, policy, validationDate),
"Key is valid again");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigCT0, getSignedData(data), keysC, policy, validationDate),
"Signature predates key creation time");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigCT1_T2, getSignedData(data), keysC, policy, validationDate),
"Key is valid");
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigCT2_T3, getSignedData(data), keysC, policy, validationDate),
"Key is revoked");
assertDoesNotThrow(() -> SignatureChainValidator.validateSignatureChain(
assertDoesNotThrow(() -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(
sigCT3_now, getSignedData(data), keysC, policy, validationDate),
"Key is valid again");
}

View file

@ -164,16 +164,16 @@ public class KeyRevocationTest {
PGPSignature t2t3 = SignatureUtils.readSignatures(sigT2T3).get(0);
PGPSignature t3now = SignatureUtils.readSignatures(sigT3Now).get(0);
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t0,
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t0,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date()));
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t1t2,
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t1t2,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date()));
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t2t3,
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t2t3,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date()));
assertThrows(SignatureValidationException.class, () -> SignatureChainValidator.validateSignatureChain(t3now,
assertThrows(SignatureValidationException.class, () -> CertificateValidator.validateCertificateAndVerifyUninitializedSignature(t3now,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date()));
}
@ -267,7 +267,7 @@ public class KeyRevocationTest {
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
SignatureChainValidator.validateSignatureChain(signature,
CertificateValidator.validateCertificateAndVerifyUninitializedSignature(signature,
new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)),
publicKeys, PGPainless.getPolicy(), new Date());
}