Class SignatureValidator


  • public abstract class SignatureValidator
    extends Object
    A collection of validators that perform validation steps over signatures.
    • Method Detail

      • wasPossiblyMadeByKey

        public static SignatureValidator wasPossiblyMadeByKey(org.bouncycastle.openpgp.PGPPublicKey signingKey)
        Check whether the given signature could have been created by the given key. verify(PGPSignature) throws a SignatureValidationException if we can say with certainty that the signature was not created by the given key (e.g. if the signature carries a different issuer or issuer fingerprint packet). If the signature contains no information about who created it (no issuer, no fingerprint), verify(PGPSignature) simply returns, since it is plausible that the given key created the signature.
        Parameters:
        signingKey - signing key
        Returns:
        validator that throws a SignatureValidationException if the signature cannot have been made by the given key.
      • hasValidPrimaryKeyBindingSignatureIfRequired

        public static SignatureValidator hasValidPrimaryKeyBindingSignatureIfRequired(org.bouncycastle.openpgp.PGPPublicKey primaryKey,
                                                                                      org.bouncycastle.openpgp.PGPPublicKey subkey,
                                                                                      Policy policy,
                                                                                      Date validationDate)
        Verify that a subkey binding signature - if the subkey is signing-capable - contains a valid primary key binding signature.
        Parameters:
        primaryKey - primary key
        subkey - subkey
        policy - policy
        validationDate - reference date for signature verification
        Returns:
        validator
      • signatureStructureIsAcceptable

        public static SignatureValidator signatureStructureIsAcceptable(org.bouncycastle.openpgp.PGPPublicKey signingKey,
                                                                        Policy policy)
        Verify that a signature has an acceptable structure.
        Parameters:
        signingKey - signing key
        policy - policy
        Returns:
        validator
      • signatureIsEffective

        public static SignatureValidator signatureIsEffective(Date validationDate)
        Verify that a signature is effective at the given reference date.
        Parameters:
        validationDate - reference date for signature verification
        Returns:
        validator
      • signatureIsAlreadyEffective

        public static SignatureValidator signatureIsAlreadyEffective(Date validationDate)
        Verify that a signature was created prior to the given reference date.
        Parameters:
        validationDate - reference date for signature verification
        Returns:
        validator
      • signatureIsNotYetExpired

        public static SignatureValidator signatureIsNotYetExpired(Date validationDate)
        Verify that a signature is not yet expired.
        Parameters:
        validationDate - reference date for signature verification
        Returns:
        validator
      • signatureIsNotMalformed

        public static SignatureValidator signatureIsNotMalformed(org.bouncycastle.openpgp.PGPPublicKey creator)
        Verify that a signature is not malformed. A signature is malformed if it has no hashed creation time subpacket, it predates the creation time of the signing key, or it predates the creation date of the signing key binding signature.
        Parameters:
        creator - signing key
        Returns:
        validator
      • signatureDoesNotPredateSigningKey

        public static SignatureValidator signatureDoesNotPredateSigningKey(org.bouncycastle.openpgp.PGPPublicKey key)
        Verify that a signature does not predate the creation time of the signing key.
        Parameters:
        key - signing key
        Returns:
        validator
      • signatureDoesNotPredateSigningKeyBindingDate

        public static SignatureValidator signatureDoesNotPredateSigningKeyBindingDate(org.bouncycastle.openpgp.PGPPublicKey signingKey)
        Verify that a signature does not predate the binding date of the signing key.
        Parameters:
        signingKey - signing key
        Returns:
        validator
      • correctSubkeyBindingSignature

        public static SignatureValidator correctSubkeyBindingSignature(org.bouncycastle.openpgp.PGPPublicKey primaryKey,
                                                                       org.bouncycastle.openpgp.PGPPublicKey subkey)
        Verify that a subkey binding signature is correct.
        Parameters:
        primaryKey - primary key
        subkey - subkey
        Returns:
        validator
      • correctPrimaryKeyBindingSignature

        public static SignatureValidator correctPrimaryKeyBindingSignature(org.bouncycastle.openpgp.PGPPublicKey primaryKey,
                                                                           org.bouncycastle.openpgp.PGPPublicKey subkey)
        Verify that a primary key binding signature is correct.
        Parameters:
        primaryKey - primary key
        subkey - subkey
        Returns:
        validator
      • correctSignatureOverKey

        public static SignatureValidator correctSignatureOverKey(org.bouncycastle.openpgp.PGPPublicKey signer,
                                                                 org.bouncycastle.openpgp.PGPPublicKey signee)
        Verify that a direct-key signature is correct.
        Parameters:
        signer - signing key
        signee - signed key
        Returns:
        validator
      • correctSignatureOverUserId

        public static SignatureValidator correctSignatureOverUserId(String userId,
                                                                    org.bouncycastle.openpgp.PGPPublicKey certifiedKey,
                                                                    org.bouncycastle.openpgp.PGPPublicKey certifyingKey)
        Verify that a signature over a user-id is correct.
        Parameters:
        userId - user-id
        certifiedKey - key carrying the user-id
        certifyingKey - key that created the signature.
        Returns:
        validator
      • correctSignatureOverUserAttributes

        public static SignatureValidator correctSignatureOverUserAttributes(org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector userAttributes,
                                                                            org.bouncycastle.openpgp.PGPPublicKey certifiedKey,
                                                                            org.bouncycastle.openpgp.PGPPublicKey certifyingKey)
        Verify that a signature over a user-attribute packet is correct.
        Parameters:
        userAttributes - user attributes
        certifiedKey - key carrying the user-attributes
        certifyingKey - key that created the certification signature
        Returns:
        validator
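
Added example (not part of the PGPainless documentation or source): one way to chain the validators listed above, failing closed, to decide which subkeys of a certificate carry an acceptable binding signature. The names SubkeyBindingCheck, validlyBoundSubkeys and bindingIsValid are hypothetical, and the org.pgpainless import packages are assumptions that depend on the PGPainless release in use.

```java
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
// Assumption: these packages differ between PGPainless releases; adjust to your version.
import org.pgpainless.exception.SignatureValidationException;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.SignatureValidator;

public final class SubkeyBindingCheck {

    /** Key IDs of subkeys with at least one binding signature that passes every validator.
     *  Revocation signatures are not evaluated here and must be checked separately. */
    public static List<Long> validlyBoundSubkeys(PGPPublicKeyRing ring, Policy policy, Date validationDate) {
        PGPPublicKey primaryKey = ring.getPublicKey();
        List<Long> bound = new ArrayList<>();
        for (Iterator<?> keys = ring.getPublicKeys(); keys.hasNext();) {
            PGPPublicKey subkey = (PGPPublicKey) keys.next();
            if (subkey.isMasterKey()) continue;
            for (Iterator<?> sigs = subkey.getSignaturesOfType(PGPSignature.SUBKEY_BINDING); sigs.hasNext();) {
                if (bindingIsValid((PGPSignature) sigs.next(), primaryKey, subkey, policy, validationDate)) {
                    bound.add(subkey.getKeyID());
                    break;
                }
            }
        }
        return bound;
    }

    static boolean bindingIsValid(PGPSignature binding, PGPPublicKey primaryKey, PGPPublicKey subkey,
                                  Policy policy, Date validationDate) {
        try {
            // Plausibility filter only: a signature without issuer information passes this step.
            SignatureValidator.wasPossiblyMadeByKey(primaryKey).verify(binding);
            SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(binding);
            SignatureValidator.signatureIsEffective(validationDate).verify(binding);
            // Signing-capable subkeys must carry a valid primary key binding signature.
            SignatureValidator.hasValidPrimaryKeyBindingSignatureIfRequired(primaryKey, subkey, policy, validationDate).verify(binding);
            SignatureValidator.correctSubkeyBindingSignature(primaryKey, subkey).verify(binding);
            return true;
        } catch (SignatureValidationException e) {
            return false; // Any failed step rejects the binding.
        }
    }
}
```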