java.lang.Object
- org.pgpainless.signature.consumer.CertificateValidator

```
public final class CertificateValidator
extends Object
```
A collection of static methods that validate signing certificates (public keys) and verify signature correctness.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static boolean`	`validateCertificate(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKeyRing signingKeyRing, Policy policy)`	Check if the signing key was eligible to create the provided signature.
`static boolean`	`validateCertificateAndVerifyInitializedSignature(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKeyRing verificationKeys, Policy policy)`	Validate the signing key and the given initialized signature.
`static boolean`	`validateCertificateAndVerifyOnePassSignature(OnePassSignatureCheck onePassSignature, Policy policy)`	Validate the signing key certificate and the given `OnePassSignatureCheck`.
`static boolean`	`validateCertificateAndVerifyUninitializedSignature(org.bouncycastle.openpgp.PGPSignature signature, InputStream signedData, org.bouncycastle.openpgp.PGPPublicKeyRing signingKeyRing, Policy policy, Date validationDate)`	Validate the given signing key and then verify the given signature while parsing out the signed data.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

validateCertificate
```
public static boolean validateCertificate(org.bouncycastle.openpgp.PGPSignature signature,
                                          org.bouncycastle.openpgp.PGPPublicKeyRing signingKeyRing,
                                          Policy policy)
                                   throws SignatureValidationException
```
Check if the signing key was eligible to create the provided signature. That entails: - Check, if the primary key is being revoked via key-revocation signatures. - Check, if the keys user-ids are revoked or not bound. - Check, if the signing subkey is revoked or expired. - Check, if the signing key is not capable of signing

Parameters:

signature - signature

signingKeyRing - signing key ring

policy - validation policy

Returns:

true if the signing key was eligible to create the signature

Throws:

SignatureValidationException - in case of a validation constraint violation

validateCertificateAndVerifyUninitializedSignature

public static boolean validateCertificateAndVerifyUninitializedSignature(org.bouncycastle.openpgp.PGPSignature signature,
                                                                         InputStream signedData,
                                                                         org.bouncycastle.openpgp.PGPPublicKeyRing signingKeyRing,
                                                                         Policy policy,
                                                                         Date validationDate)
                                                                  throws SignatureValidationException

Validate the given signing key and then verify the given signature while parsing out the signed data. Uninitialized means that no signed data has been read and the hash generators state has not yet been updated.

Parameters:: signature - uninitialized signature; signedData - input stream containing signed data; signingKeyRing - key ring containing signing key; policy - validation policy; validationDate - date of validation
Returns:: true if the signature is valid, false otherwise
Throws:: SignatureValidationException - for validation constraint violations

validateCertificateAndVerifyInitializedSignature

public static boolean validateCertificateAndVerifyInitializedSignature(org.bouncycastle.openpgp.PGPSignature signature,
                                                                       org.bouncycastle.openpgp.PGPPublicKeyRing verificationKeys,
                                                                       Policy policy)
                                                                throws SignatureValidationException

Validate the signing key and the given initialized signature. Initialized means that the signatures hash generator has already been updated by reading the signed data completely.

Parameters:: signature - initialized signature; verificationKeys - key ring containing the verification key; policy - validation policy
Returns:: true if the signature is valid, false otherwise
Throws:: SignatureValidationException - in case of a validation constraint violation

validateCertificateAndVerifyOnePassSignature

public static boolean validateCertificateAndVerifyOnePassSignature(OnePassSignatureCheck onePassSignature,
                                                                   Policy policy)
                                                            throws SignatureValidationException

Validate the signing key certificate and the given OnePassSignatureCheck.

Parameters:: onePassSignature - corresponding one-pass-signature; policy - policy
Returns:: true if the certificate is valid and the signature is correct, false otherwise.
Throws:: SignatureValidationException - in case of a validation error

Class CertificateValidator

Method Summary

Methods inherited from class java.lang.Object

Method Detail

validateCertificate

validateCertificateAndVerifyUninitializedSignature

validateCertificateAndVerifyInitializedSignature

validateCertificateAndVerifyOnePassSignature