}
//
// certifications
//
PGPSignatureGenerator sGen = new PGPSignatureGenerator(PublicKeyAlgorithmTags.RSA_GENERAL, HashAlgorithmTags.SHA1, "BC");
sGen.initSign(PGPSignature.KEY_REVOCATION, pgpPrivKey);
PGPSignature sig = sGen.generateCertification(secretKey.getPublicKey());
sig.initVerify(secretKey.getPublicKey(), "BC");
if (!sig.verifyCertification(secretKey.getPublicKey()))
{
fail("revocation verification failed.");
}
PGPSecretKeyRing pgpDSAPriv = new PGPSecretKeyRing(dsaKeyRing);
PGPSecretKey secretDSAKey = pgpDSAPriv.getSecretKey();
PGPPrivateKey pgpPrivDSAKey = secretDSAKey.extractPrivateKey(dsaPass, "BC");
sGen = new PGPSignatureGenerator(PublicKeyAlgorithmTags.DSA, HashAlgorithmTags.SHA1, "BC");
sGen.initSign(PGPSignature.SUBKEY_BINDING, pgpPrivDSAKey);
PGPSignatureSubpacketGenerator unhashedGen = new PGPSignatureSubpacketGenerator();
PGPSignatureSubpacketGenerator hashedGen = new PGPSignatureSubpacketGenerator();
hashedGen.setSignatureExpirationTime(false, TEST_EXPIRATION_TIME);
hashedGen.setSignerUserID(true, TEST_USER_ID);
hashedGen.setPreferredCompressionAlgorithms(false, PREFERRED_COMPRESSION_ALGORITHMS);
hashedGen.setPreferredHashAlgorithms(false, PREFERRED_HASH_ALGORITHMS);
hashedGen.setPreferredSymmetricAlgorithms(false, PREFERRED_SYMMETRIC_ALGORITHMS);
sGen.setHashedSubpackets(hashedGen.generate());
sGen.setUnhashedSubpackets(unhashedGen.generate());
sig = sGen.generateCertification(secretDSAKey.getPublicKey(), secretKey.getPublicKey());
byte[] sigBytes = sig.getEncoded();
PGPObjectFactory f = new PGPObjectFactory(sigBytes);
sig = ((PGPSignatureList) f.nextObject()).get(0);
sig.initVerify(secretDSAKey.getPublicKey(), "BC");
if (!sig.verifyCertification(secretDSAKey.getPublicKey(), secretKey.getPublicKey()))
{
fail("subkey binding verification failed.");
}
PGPSignatureSubpacketVector hashedPcks = sig.getHashedSubPackets();
PGPSignatureSubpacketVector unhashedPcks = sig.getUnhashedSubPackets();
if (hashedPcks.size() != 6)
{
fail("wrong number of hashed packets found.");
}
if (unhashedPcks.size() != 1)
{
fail("wrong number of unhashed packets found.");
}
if (!hashedPcks.getSignerUserID().equals(TEST_USER_ID))
{
fail("test userid not matching");
}
if (hashedPcks.getSignatureExpirationTime() != TEST_EXPIRATION_TIME)
{
fail("test signature expiration time not matching");
}
if (unhashedPcks.getIssuerKeyID() != secretDSAKey.getKeyID())
{
fail("wrong issuer key ID found in certification");
}
int[] prefAlgs = hashedPcks.getPreferredCompressionAlgorithms();
preferredAlgorithmCheck("compression", PREFERRED_COMPRESSION_ALGORITHMS, prefAlgs);
prefAlgs = hashedPcks.getPreferredHashAlgorithms();
preferredAlgorithmCheck("hash", PREFERRED_HASH_ALGORITHMS, prefAlgs);
prefAlgs = hashedPcks.getPreferredSymmetricAlgorithms();
preferredAlgorithmCheck("symmetric", PREFERRED_SYMMETRIC_ALGORITHMS, prefAlgs);
int[] criticalHashed = hashedPcks.getCriticalTags();
if (criticalHashed.length != 1)
{
fail("wrong number of critical packets found.");
}
if (criticalHashed[0] != SignatureSubpacketTags.SIGNER_USER_ID)
{
fail("wrong critical packet found in tag list.");
}
//
// no packets passed
//
sGen = new PGPSignatureGenerator(PublicKeyAlgorithmTags.DSA, HashAlgorithmTags.SHA1, "BC");
sGen.initSign(PGPSignature.SUBKEY_BINDING, pgpPrivDSAKey);
sGen.setHashedSubpackets(null);
sGen.setUnhashedSubpackets(null);
sig = sGen.generateCertification(TEST_USER_ID, secretKey.getPublicKey());
sig.initVerify(secretDSAKey.getPublicKey(), "BC");
if (!sig.verifyCertification(TEST_USER_ID, secretKey.getPublicKey()))
{
fail("subkey binding verification failed.");
}
hashedPcks = sig.getHashedSubPackets();
if (hashedPcks.size() != 1)
{
fail("found wrong number of hashed packets");
}
unhashedPcks = sig.getUnhashedSubPackets();
if (unhashedPcks.size() != 1)
{
fail("found wrong number of unhashed packets");
}
try
{
sig.verifyCertification(secretKey.getPublicKey());
fail("failed to detect non-key signature.");
}
catch (IllegalStateException e)
{
// expected
}
//
// override hash packets
//
sGen = new PGPSignatureGenerator(PublicKeyAlgorithmTags.DSA, HashAlgorithmTags.SHA1, "BC");
sGen.initSign(PGPSignature.SUBKEY_BINDING, pgpPrivDSAKey);
hashedGen = new PGPSignatureSubpacketGenerator();
hashedGen.setSignatureCreationTime(false, new Date(0L));
sGen.setHashedSubpackets(hashedGen.generate());
sGen.setUnhashedSubpackets(null);
sig = sGen.generateCertification(TEST_USER_ID, secretKey.getPublicKey());
sig.initVerify(secretDSAKey.getPublicKey(), "BC");
if (!sig.verifyCertification(TEST_USER_ID, secretKey.getPublicKey()))
{