Class PGPPublicKeyService

java.lang.Object
org.eclipse.equinox.p2.repository.spi.PGPPublicKeyService

public abstract class PGPPublicKeyService extends Object
A service for managing and searching keys. Implementations may make use of a key server to fetch up-to-date information about keys. Implementations should generally provide support for caching and efficient lookup of keys, especially lookup based on key ID because signatures generally use key IDs and this is the primary use case.

Implementors of this service are responsible for registering the implementation with the provisioning agent either explicitly or via an agent service factory.

Since:
2.6
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    The name used for obtaining a reference to the key service.
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    abstract org.bouncycastle.openpgp.PGPPublicKey
    addKey(org.bouncycastle.openpgp.PGPPublicKey key)
    Adds the given key to this key service.
    static long
    compareSignatureTimeToKeyValidityTime(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key)
    If the signature's creation time is before the key's creation time, this returns a negative value equal to the number of milliseconds that the signature was created before the key was created.
    org.bouncycastle.openpgp.PGPPublicKey
    getKey(byte[] fingerprint)
    Returns the key associated with the given fingerprint.
    abstract org.bouncycastle.openpgp.PGPPublicKey
    getKey(String fingerprint)
    Returns the key associated with the given fingerprint represented as a hexadecimal string value.
    abstract Collection<org.bouncycastle.openpgp.PGPPublicKey>
    getKeys(long keyID)
    Returns the keys associated with the given key ID.
    abstract Set<org.bouncycastle.openpgp.PGPPublicKey>
    getVerifiedCertifications(org.bouncycastle.openpgp.PGPPublicKey key)
    Returns the set of keys that have been verified to have signed the given key.
    abstract Date
    getVerifiedRevocationDate(org.bouncycastle.openpgp.PGPPublicKey key)
    If this key has a revocation signature that is verified to have been signed by the public key of that revocation signature, this returns the creation time of that signature, otherwise it returns null.
    boolean
    isCreatedBeforeRevocation(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key)
    Returns whether the signature's creation time is before the key's verified revocation date, if that key has one.
    static String
    toHex(byte[] bytes)
    Returns the hexadecimal representation of the given bytes.
    static String
    toHex(long keyID)
    Returns the hexadecimal representation of the given long value, typically a key ID, padded with leading zeros to a length of 16.
    static String
    toHexFingerprint(org.bouncycastle.openpgp.PGPPublicKey key)
    Returns the hexadecimal representation of the key's fingerprint.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • PGPPublicKeyService

      public PGPPublicKeyService()
  • Method Details

    • getKey

      public org.bouncycastle.openpgp.PGPPublicKey getKey(byte[] fingerprint)
      Returns the key associated with the given fingerprint.
      Parameters:
      fingerprint - the fingerprint for which to search.
      Returns:
      the key with the matching fingerprint.
      See Also:
      • PGPPublicKey.getFingerprint()
    • getKey

      public abstract org.bouncycastle.openpgp.PGPPublicKey getKey(String fingerprint)
      Returns the key associated with the given fingerprint represented as a hexadecimal string value.
      Parameters:
      fingerprint - the fingerprint for which to search.
      Returns:
      the key with the matching fingerprint.
    • getKeys

      public abstract Collection<org.bouncycastle.openpgp.PGPPublicKey> getKeys(long keyID)
      Returns the keys associated with the given key ID. In general, key ID collisions are possible so implementations must be tolerant of that.
      Parameters:
      keyID - the key ID for which to search.
      Returns:
      the keys with the matching key IDs.
      See Also:
      • PGPPublicKey.getKeyID()
      • PGPSignature.getKeyID()
    • addKey

      public abstract org.bouncycastle.openpgp.PGPPublicKey addKey(org.bouncycastle.openpgp.PGPPublicKey key)
      Adds the given key to this key service. An implementation may fetch more up-to-date information about this key from a key server and may return a different key than the one passed in here. In general, an implementation may also return an existing key, with the same fingerprint, already known to the key service.
      Parameters:
      key - the key to add.
      Returns:
      the normalized key available in this key service.
    • getVerifiedCertifications

      public abstract Set<org.bouncycastle.openpgp.PGPPublicKey> getVerifiedCertifications(org.bouncycastle.openpgp.PGPPublicKey key)
      Returns the set of keys that have been verified to have signed the given key. These are the links in the web of trust.
      Parameters:
      key - the key for which to find keys that have signed it.
      Returns:
      the set of keys that have been verified to have signed the given key.
      See Also:
      • PGPSignature.verifyCertification(String, PGPPublicKey)
      • PGPSignature.verifyCertification(PGPPublicKey, PGPPublicKey)
    • getVerifiedRevocationDate

      public abstract Date getVerifiedRevocationDate(org.bouncycastle.openpgp.PGPPublicKey key)
      If this key has a revocation signature that is verified to have been signed by the public key of that revocation signature, this returns the creation time of that signature, otherwise it returns null.
      Parameters:
      key - the key to test for revocation.
      Returns:
      when this key was verifiably revoked, or null if it is not revoked.
      See Also:
      • PGPSignature.getKeyID()
      • PGPPublicKey.hasRevocation()
      • PGPSignature.getCreationTime()
      • PGPSignature.KEY_REVOCATION
      • PGPSignature.SUBKEY_REVOCATION
    • isCreatedBeforeRevocation

      public boolean isCreatedBeforeRevocation(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key)
      Returns whether the signature's creation time is before the key's verified revocation date, if that key has one.
      Parameters:
      signature - the signature to test.
      key - the corresponding key of this signature against which to test.
      Returns:
      true if the signature was created before the key was revoked or if the key is not revoked, false otherwise.
      Throws:
      IllegalArgumentException - if the signature's key ID is not the same as the key's key ID
    • toHexFingerprint

      public static String toHexFingerprint(org.bouncycastle.openpgp.PGPPublicKey key)
      Returns the hexadecimal representation of the key's fingerprint.
      Parameters:
      key - the key for which to get the hexadecimal fingerprint.
      Returns:
      the hexadecimal representation of the key's fingerprint.
    • toHex

      public static String toHex(byte[] bytes)
      Returns the hexadecimal representation of the given bytes.
      Parameters:
      bytes - the bytes to convert to a hexadecimal representation.
      Returns:
      the hexadecimal representation of the given bytes.
    • toHex

      public static String toHex(long keyID)
      Returns the hexadecimal representation of the given long value, typically a key ID, padded with leading zeros to a length of 16.
      Parameters:
      keyID - the long value, typically a key ID, to convert to a hexadecimal representation.
      Returns:
      the hexadecimal representation of the given long value, padded with leading zeros.
    • compareSignatureTimeToKeyValidityTime

      public static long compareSignatureTimeToKeyValidityTime(org.bouncycastle.openpgp.PGPSignature signature, org.bouncycastle.openpgp.PGPPublicKey key)
      If the signature's creation time is before the key's creation time, this returns a negative value equal to the number of milliseconds that the signature was created before the key was created. If the key has a validity period, i.e., if the key expires, and the signature's creation time is after the key's expiration, returns a positive value equal to the number of milliseconds that the signature was created after the key's expiration. Otherwise, the signature was created during the period of time that the key was valid and this returns 0.
      Parameters:
      signature - the signature to test.
      key - the corresponding key of this signature against which to test.
      Returns:
      a negative value representing the number of milliseconds the signature was created before the key was created, a positive value representing the number of milliseconds the signature was created after the key expired, or 0 if the signature was created during the valid period of the key.
      Throws:
      IllegalArgumentException - if the signature's key ID is not the same as the key's key ID
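
The following added example (not part of p2 or of this Javadoc) combines getKeys, compareSignatureTimeToKeyValidityTime, isCreatedBeforeRevocation and toHexFingerprint to triage every key that matches a signature's key ID. The class name SignatureKeyTriage and the verdict strings are hypothetical, and the service instance is assumed to have been obtained from the provisioning agent by the caller.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.eclipse.equinox.p2.repository.spi.PGPPublicKeyService;

/** Hypothetical helper for illustration; not part of p2 or Bouncy Castle. */
public final class SignatureKeyTriage {

    private SignatureKeyTriage() {
    }

    /**
     * Maps the hex fingerprint of every key matching the signature's key ID to a
     * verdict on whether that key was usable at the signature's creation time.
     */
    public static Map<String, String> triage(PGPPublicKeyService service, PGPSignature signature) {
        Map<String, String> verdicts = new LinkedHashMap<>();
        // Key IDs can collide, so judge every match and report it by fingerprint.
        for (PGPPublicKey key : service.getKeys(signature.getKeyID())) {
            String fingerprint = PGPPublicKeyService.toHexFingerprint(key);
            // Negative: signed before the key existed; positive: signed after expiry.
            long delta = PGPPublicKeyService.compareSignatureTimeToKeyValidityTime(signature, key);
            String verdict;
            if (delta < 0) {
                verdict = "rejected: signature created " + (-delta) + " ms before the key";
            } else if (delta > 0) {
                verdict = "rejected: signature created " + delta + " ms after key expiry";
            } else if (!service.isCreatedBeforeRevocation(signature, key)) {
                verdict = "rejected: signature not created before verified revocation on "
                        + service.getVerifiedRevocationDate(key);
            } else {
                // Time checks passed; the signature itself is still unverified here.
                verdict = "candidate: still requires cryptographic verification";
            }
            verdicts.put(fingerprint, verdict);
        }
        return verdicts;
    }
}
```

A "candidate" verdict only means the timestamps are consistent; the signature must still be verified cryptographically against that key. The creation time compared here is the value recorded in the signature by its signer.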