Native support for notBefore and notAfter signature creation time constraints

2025-09-10 10:49:39 +02:00 · 2021-08-17 14:47:07 +02:00 · 2021-08-17 14:47:07 +02:00 · 099b160656
commit 099b160656
parent 6a108cb8c0
6 changed files with 68 additions and 45 deletions
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java
@ -53,7 +53,7 @@ public class DecryptImpl implements Decrypt {
        try {
            consumerOptions.verifyNotBefore(timestamp);
        } catch (NotYetImplementedException e) {
-            // throw new SOPGPException.UnsupportedOption();
+            throw new SOPGPException.UnsupportedOption();
        }
        return this;
    }
@ -63,7 +63,7 @@ public class DecryptImpl implements Decrypt {
        try {
            consumerOptions.verifyNotAfter(timestamp);
        } catch (NotYetImplementedException e) {
-            // throw new SOPGPException.UnsupportedOption();
+            throw new SOPGPException.UnsupportedOption();
        }
        return this;
    }
@ -91,7 +91,7 @@ public class DecryptImpl implements Decrypt {
    }

    @Override
-    public DecryptImpl withPassword(String password) throws SOPGPException.PasswordNotHumanReadable, SOPGPException.UnsupportedOption {
+    public DecryptImpl withPassword(String password) {
        consumerOptions.addDecryptionPassphrase(Passphrase.fromPassword(password));
        String withoutTrailingWhitespace = removeTrailingWhitespace(password);
        if (!password.equals(withoutTrailingWhitespace)) {
@ -158,17 +158,10 @@ public class DecryptImpl implements Decrypt {
                List<Verification> verificationList = new ArrayList<>();
                for (SubkeyIdentifier verifiedSigningKey : metadata.getVerifiedSignatures().keySet()) {
                    PGPSignature signature = metadata.getVerifiedSignatures().get(verifiedSigningKey);
-                    Date verifyNotBefore = consumerOptions.getVerifyNotBefore();
-                    Date verifyNotAfter = consumerOptions.getVerifyNotAfter();
-
-                    if (verifyNotAfter == null || !signature.getCreationTime().after(verifyNotAfter)) {
-                        if (verifyNotBefore == null || !signature.getCreationTime().before(verifyNotBefore)) {
-                            verificationList.add(new Verification(
-                                    signature.getCreationTime(),
-                                    verifiedSigningKey.getSubkeyFingerprint().toString(),
-                                    verifiedSigningKey.getPrimaryKeyFingerprint().toString()));
-                        }
-                    }
+                    verificationList.add(new Verification(
+                            signature.getCreationTime(),
+                            verifiedSigningKey.getSubkeyFingerprint().toString(),
+                            verifiedSigningKey.getPrimaryKeyFingerprint().toString()));
                }

                if (!consumerOptions.getCertificates().isEmpty()) {
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/VerifyImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/VerifyImpl.java
@ -44,7 +44,7 @@ public class VerifyImpl implements Verify {
        try {
            options.verifyNotBefore(timestamp);
        } catch (NotYetImplementedException e) {
-            // throw new SOPGPException.UnsupportedOption();
+            throw new SOPGPException.UnsupportedOption();
        }
        return this;
    }
@ -54,7 +54,7 @@ public class VerifyImpl implements Verify {
        try {
            options.verifyNotAfter(timestamp);
        } catch (NotYetImplementedException e) {
-            // throw new SOPGPException.UnsupportedOption();
+            throw new SOPGPException.UnsupportedOption();
        }
        return this;
    }
@ -97,17 +97,10 @@ public class VerifyImpl implements Verify {

            for (SubkeyIdentifier verifiedSigningKey : metadata.getVerifiedSignatures().keySet()) {
                PGPSignature signature = metadata.getVerifiedSignatures().get(verifiedSigningKey);
-                Date verifyNotBefore = options.getVerifyNotBefore();
-                Date verifyNotAfter = options.getVerifyNotAfter();
-
-                if (verifyNotAfter == null || !signature.getCreationTime().after(verifyNotAfter)) {
-                    if (verifyNotBefore == null || !signature.getCreationTime().before(verifyNotBefore)) {
-                        verificationList.add(new Verification(
-                                signature.getCreationTime(),
-                                verifiedSigningKey.getSubkeyFingerprint().toString(),
-                                verifiedSigningKey.getPrimaryKeyFingerprint().toString()));
-                    }
-                }
+                verificationList.add(new Verification(
+                        signature.getCreationTime(),
+                        verifiedSigningKey.getSubkeyFingerprint().toString(),
+                        verifiedSigningKey.getPrimaryKeyFingerprint().toString()));
            }

            if (!options.getCertificates().isEmpty()) {