Package org.pgpainless.signature.consumer

Class SignatureValidator

java.lang.Object

org.pgpainless.signature.consumer.SignatureValidator

public abstract class SignatureValidator
extends Object

A collection of validators that perform validation steps over signatures.

Constructor Summary

Constructors

Constructor	Description
SignatureValidator()

Method Summary

Modifier and Type	Method	Description
static SignatureValidator	correctPrimaryKeyBindingSignature(org.bouncycastle.openpgp.PGPPublicKey primaryKey, org.bouncycastle.openpgp.PGPPublicKey subkey)	Verify that a primary key binding signature is correct.
static SignatureValidator	correctSignatureOverKey(org.bouncycastle.openpgp.PGPPublicKey signer, org.bouncycastle.openpgp.PGPPublicKey signee)	Verify that a direct-key signature is correct.
static SignatureValidator	correctSignatureOverUserAttributes(org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector userAttributes, org.bouncycastle.openpgp.PGPPublicKey certifiedKey, org.bouncycastle.openpgp.PGPPublicKey certifyingKey)	Verify that a signature over a user-attribute packet is correct.
static SignatureValidator	correctSignatureOverUserId(String userId, org.bouncycastle.openpgp.PGPPublicKey certifiedKey, org.bouncycastle.openpgp.PGPPublicKey certifyingKey)	Verify that a signature over a user-id is correct.
static SignatureValidator	correctSubkeyBindingSignature(org.bouncycastle.openpgp.PGPPublicKey primaryKey, org.bouncycastle.openpgp.PGPPublicKey subkey)	Verify that a subkey binding signature is correct.
static SignatureValidator	hasValidPrimaryKeyBindingSignatureIfRequired(org.bouncycastle.openpgp.PGPPublicKey primaryKey, org.bouncycastle.openpgp.PGPPublicKey subkey, Policy policy, Date validationDate)	Verify that a subkey binding signature - if the subkey is signing-capable - contains a valid primary key binding signature.
static SignatureValidator	signatureDoesNotHaveCriticalUnknownNotations(NotationRegistry registry)	Verify that a signature does not carry critical unknown notations.
static SignatureValidator	signatureDoesNotHaveCriticalUnknownSubpackets()	Verify that a signature does not contain critical unknown subpackets.
static SignatureValidator	signatureDoesNotPredateSigningKey(org.bouncycastle.openpgp.PGPPublicKey key)	Verify that a signature does not predate the creation time of the signing key.
static SignatureValidator	signatureDoesNotPredateSigningKeyBindingDate(org.bouncycastle.openpgp.PGPPublicKey signingKey)	Verify that a signature does not predate the binding date of the signing key.
static SignatureValidator	signatureHasHashedCreationTime()	Verify that a signature has a hashed creation time subpacket.
static SignatureValidator	signatureIsAlreadyEffective(Date validationDate)	Verify that a signature was created prior to the given reference date.
static SignatureValidator	signatureIsCertification()	Verify that a signature is a certification signature.
static SignatureValidator	signatureIsEffective()	Verify that a signature is effective right now.
static SignatureValidator	signatureIsEffective(Date validationDate)	Verify that a signature is effective at the given reference date.
static SignatureValidator	signatureIsNotMalformed(org.bouncycastle.openpgp.PGPPublicKey creator)	Verify that a signature is not malformed.
static SignatureValidator	signatureIsNotYetExpired(Date validationDate)	Verify that a signature is not yet expired.
static SignatureValidator	signatureIsOfType(SignatureType... signatureTypes)	Verify that a signature type equals one of the given SignatureTypes.
static SignatureValidator	signatureStructureIsAcceptable(org.bouncycastle.openpgp.PGPPublicKey signingKey, Policy policy)	Verify that a signature has an acceptable structure.
static SignatureValidator	signatureWasCreatedInBounds(Date notBefore, Date notAfter)
abstract void	verify(org.bouncycastle.openpgp.PGPSignature signature)
static SignatureValidator	wasPossiblyMadeByKey(org.bouncycastle.openpgp.PGPPublicKey signingKey)	Check, whether there is the possibility that the given signature was created by the given key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SignatureValidator

public SignatureValidator()

Method Detail

verify

public abstract void verify(org.bouncycastle.openpgp.PGPSignature signature)
                     throws SignatureValidationException

Throws:

SignatureValidationException

wasPossiblyMadeByKey

public static SignatureValidator wasPossiblyMadeByKey(org.bouncycastle.openpgp.PGPPublicKey signingKey)

Check, whether there is the possibility that the given signature was created by the given key. verify(PGPSignature) throws a SignatureValidationException if we can say with certainty that the signature was not created by the given key (e.g. if the sig carries another issuer, issuer fingerprint packet). If there is no information found in the signature about who created it (no issuer, no fingerprint), verify(PGPSignature) will simply return since it is plausible that the given key created the sig.

Parameters:

signingKey - signing key

Returns:

validator that throws a SignatureValidationException if the signature was not possibly made by the given key.

hasValidPrimaryKeyBindingSignatureIfRequired

public static SignatureValidator hasValidPrimaryKeyBindingSignatureIfRequired(org.bouncycastle.openpgp.PGPPublicKey primaryKey,
                                                                              org.bouncycastle.openpgp.PGPPublicKey subkey,
                                                                              Policy policy,
                                                                              Date validationDate)

Verify that a subkey binding signature - if the subkey is signing-capable - contains a valid primary key binding signature.

Parameters:

primaryKey - primary key

subkey - subkey

policy - policy

validationDate - reference date for signature verification

Returns:

validator

signatureStructureIsAcceptable

public static SignatureValidator signatureStructureIsAcceptable(org.bouncycastle.openpgp.PGPPublicKey signingKey,
                                                                Policy policy)

Verify that a signature has an acceptable structure.

Parameters:

signingKey - signing key

policy - policy

Returns:

validator

signatureDoesNotHaveCriticalUnknownNotations

public static SignatureValidator signatureDoesNotHaveCriticalUnknownNotations(NotationRegistry registry)

Verify that a signature does not carry critical unknown notations.

Parameters:

registry - notation registry of known notations

Returns:

validator

signatureDoesNotHaveCriticalUnknownSubpackets

public static SignatureValidator signatureDoesNotHaveCriticalUnknownSubpackets()

Verify that a signature does not contain critical unknown subpackets.

Returns:

validator

signatureIsEffective

public static SignatureValidator signatureIsEffective()

Verify that a signature is effective right now.

Returns:

validator

signatureIsEffective

public static SignatureValidator signatureIsEffective(Date validationDate)

Verify that a signature is effective at the given reference date.

Parameters:

validationDate - reference date for signature verification

Returns:

validator

signatureIsAlreadyEffective

public static SignatureValidator signatureIsAlreadyEffective(Date validationDate)

Verify that a signature was created prior to the given reference date.

Parameters:

validationDate - reference date for signature verification

Returns:

validator

signatureIsNotYetExpired

public static SignatureValidator signatureIsNotYetExpired(Date validationDate)

Verify that a signature is not yet expired.

Parameters:

validationDate - reference date for signature verification

Returns:

validator

signatureIsNotMalformed

public static SignatureValidator signatureIsNotMalformed(org.bouncycastle.openpgp.PGPPublicKey creator)

Verify that a signature is not malformed. A signature is malformed if it has no hashed creation time subpacket, it predates the creation time of the signing key, or it predates the creation date of the signing key binding signature.

Parameters:

creator - signing key

Returns:

validator

signatureHasHashedCreationTime

public static SignatureValidator signatureHasHashedCreationTime()

Verify that a signature has a hashed creation time subpacket.

Returns:

validator

signatureDoesNotPredateSigningKey

public static SignatureValidator signatureDoesNotPredateSigningKey(org.bouncycastle.openpgp.PGPPublicKey key)

Verify that a signature does not predate the creation time of the signing key.

Parameters:

key - signing key

Returns:

validator

signatureDoesNotPredateSigningKeyBindingDate

public static SignatureValidator signatureDoesNotPredateSigningKeyBindingDate(org.bouncycastle.openpgp.PGPPublicKey signingKey)

Verify that a signature does not predate the binding date of the signing key.

Parameters:

signingKey - signing key

Returns:

validator

correctSubkeyBindingSignature

public static SignatureValidator correctSubkeyBindingSignature(org.bouncycastle.openpgp.PGPPublicKey primaryKey,
                                                               org.bouncycastle.openpgp.PGPPublicKey subkey)

Verify that a subkey binding signature is correct.

Parameters:

primaryKey - primary key

subkey - subkey

Returns:

validator

correctPrimaryKeyBindingSignature

public static SignatureValidator correctPrimaryKeyBindingSignature(org.bouncycastle.openpgp.PGPPublicKey primaryKey,
                                                                   org.bouncycastle.openpgp.PGPPublicKey subkey)

Verify that a primary key binding signature is correct.

Parameters:

primaryKey - primary key

subkey - subkey

Returns:

validator

correctSignatureOverKey

public static SignatureValidator correctSignatureOverKey(org.bouncycastle.openpgp.PGPPublicKey signer,
                                                         org.bouncycastle.openpgp.PGPPublicKey signee)

Verify that a direct-key signature is correct.

Parameters:

signer - signing key

signee - signed key

Returns:

validator

signatureIsCertification

public static SignatureValidator signatureIsCertification()

Verify that a signature is a certification signature.

Returns:

validator

signatureIsOfType

public static SignatureValidator signatureIsOfType(SignatureType... signatureTypes)

Verify that a signature type equals one of the given SignatureTypes.

Parameters:

signatureTypes - one or more signature types

Returns:

validator

correctSignatureOverUserId

public static SignatureValidator correctSignatureOverUserId(String userId,
                                                            org.bouncycastle.openpgp.PGPPublicKey certifiedKey,
                                                            org.bouncycastle.openpgp.PGPPublicKey certifyingKey)

Verify that a signature over a user-id is correct.

Parameters:

userId - user-id

certifiedKey - key carrying the user-id

certifyingKey - key that created the signature.

Returns:

validator

correctSignatureOverUserAttributes

public static SignatureValidator correctSignatureOverUserAttributes(org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector userAttributes,
                                                                    org.bouncycastle.openpgp.PGPPublicKey certifiedKey,
                                                                    org.bouncycastle.openpgp.PGPPublicKey certifyingKey)

Verify that a signature over a user-attribute packet is correct.

Parameters:

userAttributes - user attributes

certifiedKey - key carrying the user-attributes

certifyingKey - key that created the certification signature

Returns:

validator

signatureWasCreatedInBounds

public static SignatureValidator signatureWasCreatedInBounds(Date notBefore,
                                                             Date notAfter)