use of org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider in project gerrit by GerritCodeReview.
the class PublicKeyChecker method checkRevocations.
/**
 * Records, in {@code problems}, every revocation of {@code key} that was issued by a designated revoker.
 *
 * <p>A revocation is only counted when the signer's key ID maps to an entry in {@code revokers}. If the
 * revoker's key cannot be fetched from the store the revocation is accepted without verification (fail
 * closed); otherwise it must match the announced algorithm, pass {@code checkBasic} at the revocation's
 * creation time, and verify cryptographically against {@code key}.
 *
 * @param key the key whose revocations are examined.
 * @param revocations revocation signatures found on {@code key}.
 * @param revokers designated revokers, keyed by key ID.
 * @param problems sink for human-readable revocation reasons.
 * @throws PGPException if signature verification fails with an error.
 * @throws IOException if the store cannot be read.
 */
private void checkRevocations(PGPPublicKey key, List<PGPSignature> revocations, Map<Long, RevocationKey> revokers, List<String> problems) throws PGPException, IOException {
    for (PGPSignature revocation : revocations) {
        RevocationKey designated = revokers.get(revocation.getKeyID());
        if (designated == null) {
            // Only signatures from designated revokers are considered here.
            continue;
        }
        byte[] revokerFingerprint = designated.getFingerprint();
        PGPPublicKeyRing revokerRing = store.get(revokerFingerprint);
        if (revokerRing == null) {
            // The revoker is authorized and has signed a revocation, but its key is not in the
            // store, so the signature cannot be checked. Treat the revocation as valid anyway.
            logger.atInfo().log("Key %s is revoked by %s, which is not in the store. Assuming revocation is valid.", lazy(() -> Fingerprint.toString(key.getFingerprint())), lazy(() -> Fingerprint.toString(revokerFingerprint)));
            problems.add(reasonToString(getRevocationReason(revocation)));
            continue;
        }
        PGPPublicKey revokerKey = revokerRing.getPublicKey();
        boolean algorithmMatches = revokerKey.getAlgorithm() == designated.getAlgorithm();
        if (!algorithmMatches) {
            // The stored key is not the one the designated-revoker subpacket announced.
            continue;
        }
        if (!checkBasic(revokerKey, PushCertificateChecker.getCreationTime(revocation)).isOk()) {
            // The revoker key does not pass the basic checks as of the revocation's creation time;
            // the revocation is invalid.
            continue;
        }
        revocation.init(new BcPGPContentVerifierBuilderProvider(), revokerKey);
        if (revocation.verifyCertification(key)) {
            problems.add(reasonToString(getRevocationReason(revocation)));
        }
    }
}
use of org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider in project bisq-desktop by bisq-network.
the class BisqInstaller method verifySignature.
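/**
 * Verifies a detached PGP signature against GPG/openPGP RSA public keys. Does currently not work with openssl or JCA/JCE keys.
 *
 * <p>Only the first key ring found in {@code pubKeyFile} is used. The key ID embedded in the
 * signature comes from the untrusted signature file; it is used solely to select a key from the
 * trusted ring, and a key ID absent from the ring yields {@link VerifyStatusEnum#FAIL}.
 *
 * <p>All three files are closed even when parsing or verification throws.
 *
 * @param pubKeyFile Path to file providing the public key to use
 * @param sigFile Path to detached signature file
 * @param dataFile Path to signed data file
 * @return {@link VerifyStatusEnum#OK} if the signature is valid, {@link VerifyStatusEnum#FAIL} if it is not
 * @throws Exception throws various exceptions in case something went wrong. Main reason should be that key or
 * signature could not be extracted from the provided files due to a "bad" format.<br>
 * <code>FileNotFoundException, IOException, SignatureException, PGPException</code>
 */
public static VerifyStatusEnum verifySignature(File pubKeyFile, File sigFile, File dataFile) throws Exception {
    // Read keys from file. Supporting several keys in one file would require iterating all rings.
    PGPPublicKeyRing pgpPublicKeyRing = readFirstPublicKeyRing(pubKeyFile);
    // Read signature from file
    PGPSignature pgpSignature = readDetachedSignature(sigFile);
    // NOTE(review): "%X" is a printf-style placeholder; confirm the logger in use formats it (SLF4J would expect "{}").
    log.debug("KeyID used in signature: %X\n", pgpSignature.getKeyID());
    // The key ID is attacker-controlled; it only selects a key from the trusted ring.
    PGPPublicKey publicKey = pgpPublicKeyRing.getPublicKey(pgpSignature.getKeyID());
    // If signature is not matching the key used for signing we fail
    if (publicKey == null) {
        return VerifyStatusEnum.FAIL;
    }
    log.debug("The ID of the selected key is %X\n", publicKey.getKeyID());
    pgpSignature.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
    // Feed the file to verify through the signature in chunks
    byte[] data = new byte[1024];
    try (InputStream dataStream = new BufferedInputStream(new FileInputStream(dataFile))) {
        int bytesRead;
        while ((bytesRead = dataStream.read(data, 0, data.length)) != -1) {
            pgpSignature.update(data, 0, bytesRead);
        }
    }
    // Verify the signature
    return pgpSignature.verify() ? VerifyStatusEnum.OK : VerifyStatusEnum.FAIL;
}

/**
 * Reads the first public key ring from {@code pubKeyFile}.
 *
 * @throws Exception PGPException if the file holds no key ring; I/O or parse errors otherwise
 *     (mirrors the entry point's contract).
 */
private static PGPPublicKeyRing readFirstPublicKeyRing(File pubKeyFile) throws Exception {
    // Both streams are in the try so the file is closed even if the decoder stream fails to open.
    try (FileInputStream fileStream = new FileInputStream(pubKeyFile);
         InputStream inputStream = PGPUtil.getDecoderStream(fileStream)) {
        PGPPublicKeyRingCollection publicKeyRingCollection = new PGPPublicKeyRingCollection(inputStream, new JcaKeyFingerprintCalculator());
        Iterator<PGPPublicKeyRing> iterator = publicKeyRingCollection.getKeyRings();
        if (!iterator.hasNext()) {
            throw new PGPException("Could not find public keyring in provided key file");
        }
        return iterator.next();
    }
}

/**
 * Reads the first signature from a detached signature file.
 *
 * @throws Exception SignatureException if the file holds no signature; IllegalArgumentException if
 *     it holds an empty signature list; I/O or parse errors otherwise (mirrors the entry point's contract).
 */
private static PGPSignature readDetachedSignature(File sigFile) throws Exception {
    try (FileInputStream fileStream = new FileInputStream(sigFile);
         InputStream inputStream = PGPUtil.getDecoderStream(fileStream)) {
        PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(inputStream, new JcaKeyFingerprintCalculator());
        Object o = pgpObjectFactory.nextObject();
        if (o instanceof PGPSignatureList) {
            PGPSignatureList signatureList = (PGPSignatureList) o;
            checkArgument(!signatureList.isEmpty(), "signatureList must not be empty");
            return signatureList.get(0);
        }
        if (o instanceof PGPSignature) {
            return (PGPSignature) o;
        }
        throw new SignatureException("Could not find signature in provided signature file");
    }
}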
use of org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider in project gerrit by GerritCodeReview.
the class PublicKeyStore method getSigner.
/**
 * Choose the public key that produced a signature over {@code data}.
 *
 * <p>The signature's own key ID selects the candidate key in each ring; every ring is expected to
 * contain that ID. The ring whose candidate verifies the signature wins.
 *
 * @param keyRings candidate keys.
 * @param sig signature object.
 * @param data signed payload.
 * @return the master key of the ring from {@code keyRings} that was able to verify the signature, or
 *     {@code null} if none was found.
 * @throws PGPException if an error occurred verifying the signature.
 * @throws IllegalStateException if a ring in {@code keyRings} has no key with the signature's key ID.
 */
public static PGPPublicKey getSigner(Iterable<PGPPublicKeyRing> keyRings, PGPSignature sig, byte[] data) throws PGPException {
    long keyId = sig.getKeyID();
    for (PGPPublicKeyRing ring : keyRings) {
        // The verifying key may be a signing subkey rather than the ring's master key.
        PGPPublicKey candidate = ring.getPublicKey(keyId);
        if (candidate == null) {
            throw new IllegalStateException("No public key found for ID: " + keyIdToString(keyId));
        }
        sig.init(new BcPGPContentVerifierBuilderProvider(), candidate);
        sig.update(data);
        if (!sig.verify()) {
            continue;
        }
        // Return the ring's first (master) key rather than the subkey that verified; presumably so that
        // callers can run further checks against the master key — confirm against callers.
        return ring.getPublicKey();
    }
    return null;
}
use of org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider in project gerrit by GerritCodeReview.
the class PublicKeyStore method getSigner.
/**
 * Choose the public key that produced a certification of {@code userId} on {@code key}.
 *
 * <p>Only each ring's first (master) key is tried; subkeys are not considered.
 *
 * @param keyRings candidate keys.
 * @param sig signature object.
 * @param userId user ID being certified.
 * @param key key being certified.
 * @return the key chosen from {@code keyRings} that was able to verify the certification, or
 *     {@code null} if none was found.
 * @throws PGPException if an error occurred verifying the certification.
 */
public static PGPPublicKey getSigner(Iterable<PGPPublicKeyRing> keyRings, PGPSignature sig, String userId, PGPPublicKey key) throws PGPException {
    for (PGPPublicKeyRing ring : keyRings) {
        PGPPublicKey candidate = ring.getPublicKey();
        sig.init(new BcPGPContentVerifierBuilderProvider(), candidate);
        boolean certifies = sig.verifyCertification(userId, key);
        if (certifies) {
            return candidate;
        }
    }
    return null;
}
use of org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider in project gerrit by GerritCodeReview.
the class PublicKeyChecker method getRevocationKey.
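/**
 * Extracts the designated revoker announced by a self-signature on {@code key}.
 *
 * <p>The subpacket is trusted only when all of the following hold: the signature was issued by
 * {@code key} itself, the REVOCATION_KEY subpacket sits in the hashed (signed) area — an unhashed
 * subpacket is not covered by the signature and is deliberately ignored — and the self-certification
 * verifies against {@code key}.
 *
 * @param key the key whose self-signature is inspected.
 * @param sig a signature found on {@code key}.
 * @return the announced revocation key, or {@code null} if {@code sig} is not a verified
 *     self-signature carrying a hashed REVOCATION_KEY subpacket.
 * @throws PGPException if verifying the signature fails with an error.
 */
private RevocationKey getRevocationKey(PGPPublicKey key, PGPSignature sig) throws PGPException {
    if (sig.getKeyID() != key.getKeyID()) {
        // Not a self-signature; only the key owner may name a revoker.
        return null;
    }
    if (sig.getHashedSubPackets() == null) {
        // NOTE(review): some BouncyCastle versions may return null here for signatures without a
        // hashed area (e.g. v3 signatures); treat that as "no revoker" rather than failing with an NPE.
        return null;
    }
    SignatureSubpacket sub = sig.getHashedSubPackets().getSubpacket(REVOCATION_KEY);
    if (sub == null) {
        return null;
    }
    sig.init(new BcPGPContentVerifierBuilderProvider(), key);
    if (!sig.verifyCertification(key)) {
        // The subpacket is only meaningful if the self-signature carrying it is genuine.
        return null;
    }
    return new RevocationKey(sub.isCritical(), sub.isLongLength(), sub.getData());
}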