diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java index eedfb302..3724c1c1 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java +++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java @@ -239,11 +239,13 @@ public final class DecryptionStreamFactory { return literalDataInputStream; } + // Parse signatures from message PGPSignatureList signatures = parseSignatures(objectFactory); List signatureList = SignatureUtils.toList(signatures); - + // Set signatures as comparison sigs in OPS checks for (int i = 0; i < onePassSignatureChecks.size(); i++) { - onePassSignatureChecks.get(i).setSignature(signatureList.get(onePassSignatureChecks.size() - i - 1)); + int reversedIndex = onePassSignatureChecks.size() - i - 1; + onePassSignatureChecks.get(i).setSignature(signatureList.get(reversedIndex)); } return new SignatureInputStream.VerifySignatures(literalDataInputStream, diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/OnePassSignatureCheck.java b/pgpainless-core/src/main/java/org/pgpainless/signature/OnePassSignatureCheck.java index 7122443d..6c474ccc 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/OnePassSignatureCheck.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/OnePassSignatureCheck.java @@ -15,11 +15,9 @@ */ package org.pgpainless.signature; -import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPOnePassSignature; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSignature; -import org.pgpainless.decryption_verification.SignatureInputStream; import org.pgpainless.key.OpenPgpV4Fingerprint; import org.pgpainless.key.SubkeyIdentifier; 
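Review bot: `signatureList.get(reversedIndex)` in the loop over `onePassSignatureChecks` assumes the message carries exactly as many signature packets as one-pass signature packets, and nothing visible in the hunk checks that. The signature list is parsed from the message being processed, so a truncated or malformed message would surface as an unchecked `IndexOutOfBoundsException` instead of a verification failure. A longer list would be paired by the OPS count rather than its own length, which may match the wrong signature to a check. I would guard before the loop with `if (signatureList.size() != onePassSignatureChecks.size())` and reject the message using an exception type this method already declares. The enclosing method starts and ends outside the hunk, so an earlier size check may exist that is not visible here.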
@@ -32,7 +30,6 @@ public class OnePassSignatureCheck { private final PGPOnePassSignature onePassSignature; private final PGPPublicKeyRing verificationKeys; private PGPSignature signature; - private boolean verified; /** * Create a new {@link OnePassSignatureCheck}. @@ -49,15 +46,6 @@ public class OnePassSignatureCheck { this.signature = signature; } - /** - * Return true if the signature is verified. - * - * @return verified - */ - public boolean isVerified() { - return verified; - } - /** * Return the {@link PGPOnePassSignature} object. * @@ -76,23 +64,6 @@ public class OnePassSignatureCheck { return new SubkeyIdentifier(verificationKeys, onePassSignature.getKeyID()); } - /** - * Verify the one-pass signature. - * Note: This method only checks if the signature itself is correct. - * It does not check if the signing key was eligible to create the signature, or if the signature is expired etc. - * Those checks are being done by {@link SignatureInputStream.VerifySignatures}. - * - * @return true if the signature was verified, false otherwise - * @throws PGPException if signature verification fails with an exception. - */ - public boolean verify() throws PGPException { - if (signature == null) { - throw new IllegalStateException("No comparison signature provided."); - } - this.verified = getOnePassSignature().verify(signature); - return verified; - } - /** * Return the signature. * diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureVerifier.java b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureVerifier.java index 97a4fb00..e00536c9 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureVerifier.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureVerifier.java 
@@ -435,7 +435,10 @@ public final class SignatureVerifier { } try { - if (!onePassSignature.verify()) { + if (onePassSignature.getSignature() == null) { + throw new IllegalStateException("No comparison signature provided."); + } + if (!onePassSignature.getOnePassSignature().verify(signature)) { throw new SignatureValidationException("Bad signature of key " + Long.toHexString(signingKey.getKeyID())); } } catch (PGPException e) {
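Review bot: The new null guard and the verification call look at two different values: the guard tests `onePassSignature.getSignature()`, while the next line calls `verify(signature)` on a `signature` variable declared outside this hunk. If the two can ever differ, the guard does not protect the call, and the signature stored on the check is not the one that is cryptographically verified. Reading the value once would keep them tied together: `PGPSignature comparison = onePassSignature.getSignature();`, then the null check, then `verify(comparison)`. If `signature` is the intended input, null-check that variable instead and add a comment such as `// signature is the same object that was set on the OnePassSignatureCheck`. The enclosing method begins before the hunk and the `catch` body continues after it, so whether the two references are guaranteed identical cannot be confirmed from here.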