Example 1 with SignatureSubpacket
use of org.bouncycastle.bcpg.SignatureSubpacket in project gerrit by GerritCodeReview.
the class PublicKeyChecker method checkTrustSubpacket.
private String checkTrustSubpacket(PGPSignature sig, int depth) {
SignatureSubpacket trustSub = sig.getHashedSubPackets().getSubpacket(SignatureSubpacketTags.TRUST_SIG);
if (trustSub == null || trustSub.getData().length != 2) {
return "Certification is missing trust information";
}
byte amount = trustSub.getData()[1];
if (amount < COMPLETE_TRUST) {
return "Certification does not fully trust key";
}
byte level = trustSub.getData()[0];
int required = depth + 1;
if (level < required) {
return "Certification trusts to depth " + level + ", but depth " + required + " is required";
}
return null;
}
Also used :
SignatureSubpacket(org.bouncycastle.bcpg.SignatureSubpacket)
Example 2 with SignatureSubpacket
use of org.bouncycastle.bcpg.SignatureSubpacket in project gerrit by GerritCodeReview.
the class PublicKeyChecker method getRevocationKey.
private RevocationKey getRevocationKey(PGPPublicKey key, PGPSignature sig) throws PGPException {
if (sig.getKeyID() != key.getKeyID()) {
return null;
}
SignatureSubpacket sub = sig.getHashedSubPackets().getSubpacket(REVOCATION_KEY);
if (sub == null) {
return null;
}
sig.init(new BcPGPContentVerifierBuilderProvider(), key);
if (!sig.verifyCertification(key)) {
return null;
}
return new RevocationKey(sub.isCritical(), sub.isLongLength(), sub.getData());
}
Also used :
BcPGPContentVerifierBuilderProvider(org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider)
RevocationKey(org.bouncycastle.bcpg.sig.RevocationKey)
SignatureSubpacket(org.bouncycastle.bcpg.SignatureSubpacket)
Aggregations
SignatureSubpacket (org.bouncycastle.bcpg.SignatureSubpacket)2
RevocationKey (org.bouncycastle.bcpg.sig.RevocationKey)1
BcPGPContentVerifierBuilderProvider (org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider)1
