Add clarifying comments

vanitasvitae · vanitasvitae · commit 951d6a23bc4e · 2025-03-27T15:44:21.000+01:00
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/api/OpenPGPCertificate.java b/pg/src/main/java/org/bouncycastle/openpgp/api/OpenPGPCertificate.java
@@ -3235,6 +3235,7 @@ private Date getBackSigExpirationTime()
                     {
                         OpenPGPComponentSignature backSig = new OpenPGPComponentSignature(
                                 embeddedSigs.get(0),
+                                // Primary Key Binding Signature has issuer and target swapped
                                 /* issuer= */getSignature().getTargetKeyComponent(),
                                 /* target= */getSignature().getIssuer());
                         return backSig.getExpirationTime();
@@ -3259,7 +3260,7 @@ public boolean verify(PGPContentVerifierBuilderProvider contentVerifierBuilderPr
                                   OpenPGPPolicy policy)
                     throws PGPSignatureException
             {
-                signature.verify(contentVerifierBuilderProvider, policy);
+                signature.verify(contentVerifierBuilderProvider, policy); // throws if invalid
                 return true;
             }
 
@@ -3338,6 +3339,7 @@ public Date since()
             {
                 if (signature.signature.isHardRevocation())
                 {
+                    // hard revocations are valid retroactively, so we return the beginning of time here
                     return new Date(0L);
                 }
                 return super.since();
@@ -3348,6 +3350,7 @@ public Date until()
             {
                 if (signature.signature.isHardRevocation())
                 {
+                    // hard revocations do not expire, so they are effective indefinitely
                     return new Date(Long.MAX_VALUE);
                 }
                 return super.until();

Original file line number	Diff line number	Diff line change
`@@ -3235,6 +3235,7 @@ private Date getBackSigExpirationTime()`
`3235`	`3235`	`{`
`3236`	`3236`	`OpenPGPComponentSignature backSig = new OpenPGPComponentSignature(`
`3237`	`3237`	`embeddedSigs.get(0),`
	`3238`	`+ // Primary Key Binding Signature has issuer and target swapped`
`3238`	`3239`	`/* issuer= */getSignature().getTargetKeyComponent(),`
`3239`	`3240`	`/* target= */getSignature().getIssuer());`
`3240`	`3241`	`return backSig.getExpirationTime();`
`@@ -3259,7 +3260,7 @@ public boolean verify(PGPContentVerifierBuilderProvider contentVerifierBuilderPr`
`3259`	`3260`	`OpenPGPPolicy policy)`
`3260`	`3261`	`throws PGPSignatureException`
`3261`	`3262`	`{`
`3262`		`- signature.verify(contentVerifierBuilderProvider, policy);`
	`3263`	`+ signature.verify(contentVerifierBuilderProvider, policy); // throws if invalid`
`3263`	`3264`	`return true;`
`3264`	`3265`	`}`
`3265`	`3266`
`@@ -3338,6 +3339,7 @@ public Date since()`
`3338`	`3339`	`{`
`3339`	`3340`	`if (signature.signature.isHardRevocation())`
`3340`	`3341`	`{`
	`3342`	`+ // hard revocations are valid retroactively, so we return the beginning of time here`
`3341`	`3343`	`return new Date(0L);`
`3342`	`3344`	`}`
`3343`	`3345`	`return super.since();`
`@@ -3348,6 +3350,7 @@ public Date until()`
`3348`	`3350`	`{`
`3349`	`3351`	`if (signature.signature.isHardRevocation())`
`3350`	`3352`	`{`
	`3353`	`+ // hard revocations do not expire, so they are effective indefinitely`
`3351`	`3354`	`return new Date(Long.MAX_VALUE);`
`3352`	`3355`	`}`
`3353`	`3356`	`return super.until();`