Package org.pgpainless.signature
Class SignatureChainValidator
java.lang.Object
    org.pgpainless.signature.SignatureChainValidator
public class SignatureChainValidator extends java.lang.Object
This class implements validity checks on OpenPGP signatures. Its responsibilities are checking if a signing key was eligible to create a certain signature and if the signature is valid at the time of validation.
Constructor Summary
- SignatureChainValidator()
Method Summary
- static boolean validateSignature(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKeyRing verificationKeys, Policy policy)
  Validate the signing key and the given initialized signature.
- static boolean validateSignatureChain(org.bouncycastle.openpgp.PGPSignature signature, java.io.InputStream signedData, org.bouncycastle.openpgp.PGPPublicKeyRing signingKeyRing, Policy policy, java.util.Date validationDate)
  Validate the given signing key and then verify the given signature while parsing out the signed data.
- static boolean validateSigningKey(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKeyRing signingKeyRing, Policy policy)
  Check if the signing key was eligible to create the provided signature.
Method Detail
validateSigningKey
public static boolean validateSigningKey(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKeyRing signingKeyRing, Policy policy) throws SignatureValidationException
Check if the signing key was eligible to create the provided signature. That entails:
- Check if the primary key is revoked via key-revocation signatures.
- Check if the key's user-ids are revoked or not bound.
- Check if the signing subkey is revoked or expired.
- Check if the signing key is not capable of signing.
Parameters:
- signature - signature
- signingKeyRing - signing key ring
- policy - validation policy
Returns:
- true if the signing key was eligible to create the signature
Throws:
- SignatureValidationException - in case of a validation constraint violation
validateSignatureChain
public static boolean validateSignatureChain(org.bouncycastle.openpgp.PGPSignature signature, java.io.InputStream signedData, org.bouncycastle.openpgp.PGPPublicKeyRing signingKeyRing, Policy policy, java.util.Date validationDate) throws SignatureValidationException
Validate the given signing key and then verify the given signature while parsing out the signed data. Uninitialized means that no signed data has been read and the hash generator's state has not yet been updated.
Parameters:
- signature - uninitialized signature
- signedData - input stream containing signed data
- signingKeyRing - key ring containing signing key
- policy - validation policy
- validationDate - date of validation
Returns:
- true if the signature is valid, false otherwise
Throws:
- SignatureValidationException - for validation constraint violations
validateSignature
public static boolean validateSignature(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKeyRing verificationKeys, Policy policy) throws SignatureValidationException
Validate the signing key and the given initialized signature. Initialized means that the signature's hash generator has already been updated by reading the signed data completely.
Parameters:
- signature - initialized signature
- verificationKeys - key ring containing the verification key
- policy - validation policy
Returns:
- true if the signature is valid, false otherwise
Throws:
- SignatureValidationException - in case of a validation constraint violation
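Added example, not part of the PGPainless documentation: a fail-closed check of a detached signature using validateSignatureChain, where both a false return and a SignatureValidationException count as rejection. The class name DetachedSignatureCheck, the method isTrusted and the three file arguments are hypothetical; PGPainless.getPolicy() and the packages of Policy and SignatureValidationException are assumed from PGPainless and are not shown on this page.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Date;

import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.pgpainless.PGPainless;                               // assumed entry point
import org.pgpainless.exception.SignatureValidationException;   // assumed package
import org.pgpainless.policy.Policy;                            // assumed package
import org.pgpainless.signature.SignatureChainValidator;

/** Hypothetical helper: accept data only if a detached signature validates. */
public final class DetachedSignatureCheck {
    /** Returns true only if at least one signature in sigFile validates over dataFile. */
    public static boolean isTrusted(Path certFile, Path sigFile, Path dataFile) throws IOException {
        BcKeyFingerprintCalculator calc = new BcKeyFingerprintCalculator();
        PGPPublicKeyRing cert;
        PGPSignatureList signatures;
        try (InputStream certIn = PGPUtil.getDecoderStream(Files.newInputStream(certFile));
             InputStream sigIn = PGPUtil.getDecoderStream(Files.newInputStream(sigFile))) {
            cert = new PGPPublicKeyRing(certIn, calc);
            Object packet = new PGPObjectFactory(sigIn, calc).nextObject();
            if (!(packet instanceof PGPSignatureList)) {
                return false; // not a signature packet: reject rather than guess
            }
            signatures = (PGPSignatureList) packet;
        }
        Policy policy = PGPainless.getPolicy(); // library-wide validation policy
        Date now = new Date();                  // validate as of the current time
        for (PGPSignature signature : signatures) {
            // The signature is uninitialized, so the validator reads the data itself.
            try (InputStream data = Files.newInputStream(dataFile)) {
                if (SignatureChainValidator.validateSignatureChain(signature, data, cert, policy, now)) {
                    return true;
                }
            } catch (SignatureValidationException e) {
                // Validation constraint violated: this signature is rejected.
            }
        }
        return false; // nothing validated: fail closed
    }
}
```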