Package org.bouncycastle.openpgp.api
Class OpenPGPDetachedSignatureProcessor
java.lang.Object
org.bouncycastle.openpgp.api.OpenPGPDetachedSignatureProcessor
High-Level Processor for Messages Signed Using Detached OpenPGP Signatures.
To use this class, first instantiate the processor, optionally passing in a concrete
OpenPGPImplementation and OpenPGPPolicy.
Then, pass in any detached signatures you want to verify using addSignatures(InputStream).
Next, provide the expected issuers OpenPGPCertificates for signature
verification using addVerificationCertificate(OpenPGPCertificate).
Signatures for which no certificate was provided, and certificates for which no signature was added,
are ignored.
Optionally, you can specify a validity date range for the signatures using
verifyNotBefore(Date) and verifyNotAfter(Date).
Signatures outside this range will be ignored as invalid.
Lastly, provide an InputStream containing the original plaintext data, over which you want to
verify the detached signatures using process(InputStream).
As a result you will receive a list containing all processed
OpenPGPDocumentSignatures.
For these, you can check validity by calling OpenPGPSignature.OpenPGPDocumentSignature.isValid().
-
Constructor Summary
ConstructorsConstructorDescriptionInstantiate a signature processor using the defaultOpenPGPImplementationand itsOpenPGPPolicy.OpenPGPDetachedSignatureProcessor(OpenPGPImplementation implementation) Instantiate a signature processor using a customOpenPGPImplementationand itsOpenPGPPolicy.OpenPGPDetachedSignatureProcessor(OpenPGPImplementation implementation, OpenPGPPolicy policy) Instantiate a signature processor using a customOpenPGPImplementationand customOpenPGPPolicy. -
Method Summary
Modifier and TypeMethodDescriptionaddSignature(PGPSignature signature) Add a singledetached signatureto the processor.addSignatures(InputStream inputStream) Read one or moredetached signaturesfrom the providedInputStreamand add them to the processor.addSignatures(PGPSignatureList signatures) Add one or moredetached signaturesfrom the givenPGPSignatureListto the processor.addVerificationCertificate(OpenPGPCertificate certificate) Add an issuersOpenPGPCertificatefor signature verification.process(InputStream inputStream) Process the plaintext data from the givenInputStreamand return a list of processed detached signatures.Add a callback to which any OpenPGP-related exceptions are forwarded.verifyNotAfter(Date date) Reject detached signatures made after the givenverifyNotBefore(Date date) Reject detached signatures made before
-
Constructor Details
-
OpenPGPDetachedSignatureProcessor
public OpenPGPDetachedSignatureProcessor()Instantiate a signature processor using the defaultOpenPGPImplementationand itsOpenPGPPolicy. -
OpenPGPDetachedSignatureProcessor
Instantiate a signature processor using a customOpenPGPImplementationand itsOpenPGPPolicy.- Parameters:
implementation- custom OpenPGP implementation
-
OpenPGPDetachedSignatureProcessor
public OpenPGPDetachedSignatureProcessor(OpenPGPImplementation implementation, OpenPGPPolicy policy) Instantiate a signature processor using a customOpenPGPImplementationand customOpenPGPPolicy.- Parameters:
implementation- custom OpenPGP implementationpolicy- custom OpenPGP policy
-
-
Method Details
-
addSignatures
Read one or moredetached signaturesfrom the providedInputStreamand add them to the processor.- Parameters:
inputStream- input stream of armored or unarmored detached OpenPGP signatures- Returns:
- this
- Throws:
IOException- if something goes wrong reading from the stream
-
addSignatures
Add one or moredetached signaturesfrom the givenPGPSignatureListto the processor.- Parameters:
signatures- detached signature list- Returns:
- this
-
addSignature
Add a singledetached signatureto the processor.- Parameters:
signature- detached signature- Returns:
- this
-
addVerificationCertificate
Add an issuersOpenPGPCertificatefor signature verification.- Parameters:
certificate- OpenPGP certificate- Returns:
- this
-
verifyNotBefore
Reject detached signatures made beforedate
. By default, this value is set to the beginning of time.- Parameters:
date- date- Returns:
- this
-
verifyNotAfter
Reject detached signatures made after the givendate
. By default, this value is set to the current time at instantiation time, in order to prevent verification of signatures from the future.- Parameters:
date- date- Returns:
- this
-
process
public List<OpenPGPSignature.OpenPGPDocumentSignature> process(InputStream inputStream) throws IOException Process the plaintext data from the givenInputStreamand return a list of processed detached signatures. Note: This list will NOT contain any malformed signatures, or signatures for which no verification key was found. Correctness of these signatures can be checked viaOpenPGPSignature.OpenPGPDocumentSignature.isValid().- Parameters:
inputStream- data over which the detached signatures are calculated- Returns:
- list of processed detached signatures
- Throws:
IOException- if the data cannot be processed
-
setExceptionCallback
public OpenPGPDetachedSignatureProcessor setExceptionCallback(OpenPGPMessageProcessor.PGPExceptionCallback callback) Add a callback to which any OpenPGP-related exceptions are forwarded. Useful for debugging purposes.- Parameters:
callback- callback- Returns:
- this
-