Sanitize signatures

bcsop/src/main/java/org/pgpainless/bouncycastle/sop/operation/AbstractBCOperation.java

@@ -3,6 +3,7 @@ package org.pgpainless.bouncycastle.sop.operation;
 import org.bouncycastle.openpgp.PGPSessionKey;
 import org.bouncycastle.openpgp.api.OpenPGPMessageInputStream;
 import org.bouncycastle.openpgp.api.OpenPGPSignature;
+import org.bouncycastle.openpgp.api.exception.MalformedPGPSignatureException;
 import org.bouncycastle.util.encoders.Hex;
 import sop.SessionKey;
 import sop.Verification;
@@ -28,12 +29,19 @@ public abstract class AbstractBCOperation
         List<Verification> verifications = new ArrayList<>();
         for (OpenPGPSignature.OpenPGPDocumentSignature sig : signatures)
         {
-            if (sig.isValid())
+            try
             {
-                Verification verification = new Verification(sig.getCreationTime(),
+                if (sig.isValid())
-                        Hex.toHexString(sig.getIssuer().getKeyIdentifier().getFingerprint()),
+                {
-                        Hex.toHexString(sig.getIssuerCertificate().getFingerprint()));
+                    Verification verification = new Verification(sig.getCreationTime(),
-                verifications.add(verification);
+                            Hex.toHexString(sig.getIssuer().getKeyIdentifier().getFingerprint()),
+                            Hex.toHexString(sig.getIssuerCertificate().getFingerprint()));
+                    verifications.add(verification);
+                }
+            }
+            catch (MalformedPGPSignatureException e)
+            {
+                // ignore malformed sig
             }
         }
         return verifications;

bcsop/src/main/java/org/pgpainless/bouncycastle/sop/operation/BCDecrypt.java

@@ -24,8 +24,6 @@ public class BCDecrypt
         extends AbstractBCOperation
         implements Decrypt {
 
-    private Date notBefore = new Date(Long.MAX_VALUE);  // end of time
-    private Date notAfter = new Date();                 // now
     private char[] keyPassword;
 
     private final OpenPGPMessageProcessor processor = new OpenPGPMessageProcessor();
@@ -55,14 +53,14 @@ public class BCDecrypt
     @NotNull
     @Override
     public Decrypt verifyNotBefore(@NotNull Date date) throws SOPGPException.UnsupportedOption {
-        this.notBefore = date;
+        processor.verifyNotBefore(date);
         return this;
     }
 
     @NotNull
     @Override
     public Decrypt verifyNotAfter(@NotNull Date date) throws SOPGPException.UnsupportedOption {
-        this.notAfter = date;
+        processor.verifyNotAfter(date);
         return this;
     }
 

bcsop/src/main/java/org/pgpainless/bouncycastle/sop/operation/BCDetachedVerify.java

@@ -3,7 +3,6 @@ package org.pgpainless.bouncycastle.sop.operation;
 import org.bouncycastle.openpgp.api.OpenPGPCertificate;
 import org.bouncycastle.openpgp.api.OpenPGPDetachedSignatureProcessor;
 import org.bouncycastle.openpgp.api.OpenPGPSignature;
-import org.bouncycastle.util.encoders.Hex;
 import org.jetbrains.annotations.NotNull;
 import sop.Verification;
 import sop.exception.SOPGPException;
@@ -12,7 +11,6 @@ import sop.operation.VerifySignatures;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 
@@ -37,11 +35,13 @@ public class BCDetachedVerify
 
     @Override
     public DetachedVerify notBefore(@NotNull Date date) throws SOPGPException.UnsupportedOption {
+        processor.verifyNotBefore(date);
         return this;
     }
 
     @Override
     public DetachedVerify notAfter(@NotNull Date date) throws SOPGPException.UnsupportedOption {
+        processor.verifyNotAfter(date);
         return this;
     }
 

bcsop/src/main/java/org/pgpainless/bouncycastle/sop/operation/BCInlineVerify.java

@@ -49,11 +49,13 @@ public class BCInlineVerify
 
     @Override
     public InlineVerify notBefore(@NotNull Date date) throws SOPGPException.UnsupportedOption {
+        processor.verifyNotBefore(date);
         return this;
     }
 
     @Override
     public InlineVerify notAfter(@NotNull Date date) throws SOPGPException.UnsupportedOption {
+        processor.verifyNotAfter(date);
         return this;
     }